Consolidating replies a bit...
On Apr 22, 2010, at 11:29 AM, Dirk Pranke wrote:
>
> Here's some new directions ...
>
> ContextFreeRequest
> StatelessRequest
> SessionlessRequest
All HTTP requests are stateless, and sessionless could mean many
things, so I'm not keen on those. ContextFree is a good suggestion.
>
> or, since we're really talking about cookies here ...
>
> CookielessRequest
> CookieFreeRequest
> SugarFreeRequest
> IncognitoRequest (playing off of Chrome's "Incognito" mode, which
> doesn't use your browser's normal cookie store)
Cookies are not the only issue. Another key difference is not sending
headers that identify the site making the request (e.g. Origin or
Referer). Secondary issues are other forms of client authentication
such as HTTP authentication and SSL client certificates. Those are not
very commonly used on public Web sites, but they need to be excluded
for the proposed API to be secure.
On Apr 22, 2010, at 11:37 AM, Tab Atkins Jr. wrote:
> Count me as one web developer who won't miss the annoying and
> inaccurate "XH" from any future "R"s. I think that dropping them now
> won't be very confusing (the Request part has always been the
> meaningful one for me), and it then opens the door for future types of
> Requests to just share in the Request name, not the full baggage-laden
> XHR name.
If we do drop the "XH" that gives us the freedom to be a little more
verbose in the rest of the name, if we so choose.
Regards,
Maciej