- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 17 Mar 2008 23:12:59 +0100
- To: "Sunava Dutta" <sunavad@windows.microsoft.com>, "Maciej Stachowiak" <mjs@apple.com>, "Eric Lawrence" <ericlaw@exchange.microsoft.com>
- Cc: "Web API WG (public)" <public-webapi@w3.org>, "public-appformats@w3.org" <public-appformats@w3.org>, "Chris Wilson" <Chris.Wilson@microsoft.com>, "Zhenbin Xu" <zhenbinx@windows.microsoft.com>, "Gideon Cohn" <gidco@windows.microsoft.com>, "Sharath Udupa" <Sharath.Udupa@microsoft.com>, "Doug Stamper" <dstamper@exchange.microsoft.com>, "Marc Silbey" <marcsil@windows.microsoft.com>
On Mon, 17 Mar 2008 22:29:54 +0100, Sunava Dutta <sunavad@windows.microsoft.com> wrote: > There are many threats against a cross-domain communication mechanism, > so we believe the simplicity of XDR makes it more suitable than > attempting to plumb cross-domain capabilities into the existing XHR > object. In particular, we are concerned that attempting to introduce > new restrictions/added complexity on an XHR object when it is used in a > cross-domain manner will result in a confusing programming model for the > web developer. Could you elaborate on why you consider the proposed model to be confusing for Web developers? It's in fact as simple as: var client = new XMLHttpRequest() client.onreadystatechange = function() { ...} client.open("GET", "http://cross-site.example.org/resource") client.send() Indeed, as complex as normal usage of XMLHttpRequest. The model proposed doesn't just solve it for XMLHttpRequest, it can also be used for cross-site XSLT: <?xml-stylesheet href="http://cross-site.example.org/transform" type="application/xslt+xml"?> Again, no changes required in the way you initiate the request. The server-side is not much more complex than what has been proposed by Microsoft although a preflight request has to be handled by the server to ensure that the server is ok with custom methods, a request entity body, etc. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Monday, 17 March 2008 22:12:48 UTC