Re: IE Team's Proposal for Cross Site Requests

On Mon, 17 Mar 2008 22:29:54 +0100, Sunava Dutta  
<sunavad@windows.microsoft.com> wrote:
> There are many threats against a cross-domain communication mechanism,  
> so we believe the simplicity of XDR makes it more suitable than  
> attempting to plumb cross-domain capabilities into the existing XHR  
> object.  In particular, we are concerned that attempting to introduce  
> new restrictions/added complexity on an XHR object when it is used in a  
> cross-domain manner will result in a confusing programming model for the  
> web developer.

Could you elaborate on why you consider the proposed model to be confusing  
for Web developers? It's in fact as simple as:

   var client = new XMLHttpRequest()
   client.onreadystatechange = function() { /* ... */ }
   client.open("GET", "http://cross-site.example.org/resource")
   client.send()

Indeed, as complex as normal usage of XMLHttpRequest. The model proposed  
doesn't just solve it for XMLHttpRequest, it can also be used for  
cross-site XSLT:

   <?xml-stylesheet
     href="http://cross-site.example.org/transform"
     type="application/xslt+xml"?>

Again, no changes required in the way you initiate the request. The  
server-side is not much more complex than what has been proposed by  
Microsoft although a preflight request has to be handled by the server to  
ensure that the server is ok with custom methods, a request entity body,  
etc.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Monday, 17 March 2008 22:12:48 UTC
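
The server-side preflight handling mentioned in the message above, as an added example that is not part of the original email or of any specification draft it discusses. It assumes the request and response header names of CORS as later standardized (the email names none); `POLICY`, `normalizeHeaders` and `answerPreflight` are hypothetical names and the policy values are constructed.

```javascript
// Added example. Policy values are constructed; header names follow CORS as
// later standardized and are an assumption (the email names none).
const POLICY = {
  origins: new Set(["http://app.example.org"]),
  methods: new Set(["GET", "POST", "DELETE"]),
  headers: new Set(["content-type", "x-requested-with"]),
  maxAge: 600, // seconds the browser may cache the preflight result
};

// Lower-case header names so lookups are case-insensitive.
function normalizeHeaders(raw) {
  const out = {};
  for (const [name, value] of Object.entries(raw)) out[name.toLowerCase()] = String(value);
  return out;
}

// Returns null when the request is not a preflight, otherwise { status, headers }.
// A reply without Access-Control-Allow-* headers makes the browser block the real request.
function answerPreflight(method, rawHeaders, policy = POLICY) {
  const h = normalizeHeaders(rawHeaders);
  const origin = h["origin"];
  const wantMethod = h["access-control-request-method"];
  if (method !== "OPTIONS" || !origin || !wantMethod) return null;

  const deny = { status: 403, headers: { Vary: "Origin" } };
  // Exact-match allow list: never echo back an arbitrary Origin.
  if (!policy.origins.has(origin)) return deny;
  // Method names are case-sensitive, so compare them as sent.
  if (!policy.methods.has(wantMethod)) return deny;
  const wantHeaders = (h["access-control-request-headers"] || "")
    .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  if (!wantHeaders.every((name) => policy.headers.has(name))) return deny;

  const headers = {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Methods": wantMethod,
    "Access-Control-Max-Age": String(policy.maxAge),
    Vary: "Origin",
  };
  if (wantHeaders.length) headers["Access-Control-Allow-Headers"] = wantHeaders.join(", ");
  return { status: 204, headers };
}
```

A `null` result means the request should go to the normal resource handler, which still has to decide on its own whether to expose the response to the requesting origin.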