Re: Overriding userinfo in XHR.open()

On Tue, 26 Sep 2006 20:43:11 +0200, Alexey Proskuryakov  
<ap-carbon@rambler.ru> wrote:
> Is this a new feature that's not present in browsers yet? From my tests,  
> it looks like WinIE doesn't support userinfo at all, while Firefox takes  
> string values of whatever objects are passed as user/password, e.g.  
> "req.open('GET', url, true, null, null)" sets the credentials to  
> "null"/"null", so the null clause doesn't apply.

Interesting. I suppose that could be a bug... Anyway, I suggest you use  
http://dev.w3.org/cvsweb/~checkout~/2006/webapi/XMLHttpRequest/Overview.html?content-type=text/html;%20charset=utf-8  
for reading as that's a more current version.


>    Second, should the password from userinfo be used if only the user  
> parameter is provided: "req.open('GET', url, true, 'user')"? Firefox  
> resets the password to an empty string in this situation.

I would say it shouldn't be provided in this case (same as null), but I  
guess that needs more clarification.


>    Finally, I'm not sure whether userinfo support is required for  
> conformance. As quoted above, it's a MUST, but then, it is added that  
> browsers MAY not support it: "The usage of userinfo is discouraged MAY  
> not work in implementations."

This should be more clear in the latest revision. For HTTP you probably  
shouldn't support it (and throw a SYNTAX_ERR) but for some protocols it  
makes some sense. For FTP you often have the username:anonymous@domain.com  
logins... However, the current draft only "covers" HTTP.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Tuesday, 26 September 2006 18:49:30 UTC
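
The two treatments of the `user`/`password` arguments discussed in the message above, modelled as an added example that is not part of the original thread or any browser's code. `resolveCredentials`, `basicAuthHeader`, the mode names and the sample URL are hypothetical; the "nullAsAbsent" rule is an assumed alternative, not the draft's text, and the code uses Node's global `URL` and `Buffer`.

```javascript
// Added illustration, not from the thread or any browser's source.
// resolveCredentials() and the mode names are hypothetical.
// undefined stands for "argument omitted"; null for an explicit null.
function resolveCredentials(rawUrl, user, password, mode) {
  const url = new URL(rawUrl);
  // userinfo embedded in the URL, e.g. http://alice:secret@host/
  const fromUrl = {
    user: decodeURIComponent(url.username),
    password: decodeURIComponent(url.password),
  };
  if (mode === "coerce") {
    // Behaviour reported for Firefox in the thread: whatever is passed is
    // stringified, and a user without a password resets the password to "".
    // Assumption: with no user argument at all, the URL's userinfo is kept.
    if (user === undefined) return fromUrl;
    return {
      user: String(user),
      password: password === undefined ? "" : String(password),
    };
  }
  if (mode === "nullAsAbsent") {
    // Assumed alternative: null or omitted means "not supplied", so that
    // component of the URL's userinfo is left untouched.
    return {
      user: user == null ? fromUrl.user : String(user),
      password: password == null ? fromUrl.password : String(password),
    };
  }
  throw new RangeError("unknown mode: " + mode);
}

// Value of the HTTP Basic Authorization header for a credential pair.
function basicAuthHeader(creds) {
  const token = Buffer.from(creds.user + ":" + creds.password, "utf8");
  return "Basic " + token.toString("base64");
}

// Constructed sample URL (example.test is a reserved test domain).
const SAMPLE_URL = "http://alice:secret@example.test/data";

function demo() {
  return {
    coerceNull: resolveCredentials(SAMPLE_URL, null, null, "coerce"),
    absentNull: resolveCredentials(SAMPLE_URL, null, null, "nullAsAbsent"),
    coerceUserOnly: resolveCredentials(SAMPLE_URL, "bob", undefined, "coerce"),
    absentUserOnly: resolveCredentials(SAMPLE_URL, "bob", undefined, "nullAsAbsent"),
  };
}
```

Under "coerce", an explicit `null`/`null` call yields the literal credentials "null"/"null", so a server log showing that pair in a Basic header points at a caller passing nulls rather than at a real account.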