Re[2]: About XMLHttpRequest Draft

> Content-MD5 is not set by most UAs, and so it's useful for the author
> to set it manually. While it may be difficult to calculate (esp. if
> the content is a DOMString), it's certainly possible.

Calculating Content-MD5 inside the UA is a valuable feature,
that removes burden on the user. I suggest two things for the
draft:

  * isSupported("hash-md5") method, so the user can check if
    his own MD5 script is needed on the transition phase.
  * Calculate MD5 automatically if Content-MD5 appears on
    setRequestHeader.

> Likewise, From is not normally set by UAs automatically, and it might
> be useful in some contexts.

The From header raises privacy concerns, if the XHR supports
it, the user must be able to disable it.

> I can easily see a case where a library or other XHR application
> might want to append something to the UA header.

I think that the User-Agent must identify unequivocally
software implementing XHR, if it is modified, it can easily
tell incorrect information to the server, specially on
cross-site XHR. Most UA headers already are long enough.

Truly

Óscar Toledo G.
http://www.biyubi.com/

Received on Wednesday, 19 July 2006 19:47:28 UTC