- From: Anne van Kesteren <annevk@opera.com>
- Date: Fri, 16 May 2008 13:37:54 +0200
- To: "Ian Hickson" <ian@hixie.ch>, "public-webapi@w3.org" <public-webapi@w3.org>, "public-appformats@w3.org" <public-appformats@w3.org>
On Fri, 16 May 2008 02:07:57 +0200, Ian Hickson <ian@hixie.ch> wrote: > Anne, can you summarise what needs doing to XHR2 and AC to move them > forwards to last call? Is there a list of outstanding comments anywhere? XMLHttpRequest Level 2 * Depends on XMLHttpRequest Level 1 feedback: http://dev.w3.org/2006/webapi/XMLHttpRequest/disposition-of-comments-2 * It needs an introduction at some point. (Though not per se for Last Call I suppose.) Access Control for Cross-Site Requests * Need to deal with Access-Control-Policy-Path normalization * Need to figure out if we want the server to whitelist headers/methods (we had methods before and then dropped it) * Need to figure out if we want the server to opt in to cookies/credentials > If there's anything I can do to help I'd be happy to do so. I would like > to see this draft reach last call this month if possible. If you have any ideas on how to solve the non-obvious bits of the above that would help. Personally: * Discouraging the use of Access-Control-Policy-Path other than with a value of / for IIS works for me. * Adding the Access-Control-Headers and Access-Control-Methods conditionals is fine with me. * I don't think we need to add opt in for cookies/credentials given that for GET such requests are already possible and for non-GET there's an OPTIONS opt-in request. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Friday, 16 May 2008 11:38:24 UTC