W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: XHR without user credentials

From: Anne van Kesteren <annevk@opera.com>
Date: Sat, 13 Jun 2009 10:56:10 +0200
To: "Mark S. Miller" <erights@google.com>
Cc: "Tyler Close" <tyler.close@gmail.com>, "Adam Barth" <w3c@adambarth.com>, public-webapps <public-webapps@w3.org>
Message-ID: <op.uvggfwig64w2qv@annevk-t60>
On Sat, 13 Jun 2009 01:34:09 +0200, Mark S. Miller <erights@google.com> wrote:
> On Mon, Jun 8, 2009 at 2:44 PM, Anne van Kesteren <annevk@opera.com>  
> wrote:
>> I sort of like the idea of having a new (named) constructor or maybe  
>> have the constructor take an argument to indicate credentials are supposed  
>> to be omitted. This would also allow us to drop the withCredentials flag.
> * What drafts need revision to bring this about? Obviously, cors itself.

I don't think CORS needs any changes for this. You simply ensure that the credentials flag is always false and that the source origin is a globally unique identifier.

> And Adam's IETF I-D. Also in seems, <
> http://dev.w3.org/2006/webapi/XMLHttpRequest-2/>. Is this the right  
> version to start from? What other documents might need coordinated revision?
> * The existing XHR2 draft above specifies XMLHttpRequest in WebIDL as
>     [Constructor]
>     interface XMLHttpRequest : XMLHttpRequestEventTarget {
>         //... API of instances...
>     };
> In the favored style of WebIDL use, should I declare GuestXMLHttpRequest  
> to inherit from XMLHttpRequest, or should I move the above API to a shared
> AbstractXMLHttpRequest and have both XMLHttpRequest and  
> GuestXMLHttpRequest
> inherit from it? AFAICT, these should result in identical language  
> bindings, so it's only a question of specification easthetics.

If we decide this is the right idea (and please do reply to my other emails regarding whether this feature is justified) we can add a named constructor.

  interface XMLHttpRequest : ...

Anne van Kesteren
Received on Saturday, 13 June 2009 08:57:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:12:54 UTC