Consolidating replies a bit... On Apr 22, 2010, at 11:29 AM, Dirk Pranke wrote: > > Here's some new directions ... > > ContextFreeRequest > StatelessRequest > SessionlessRequest All HTTP requests are stateless, and sessionless could mean many things, so I'm not keen on those. ContextFree is a good suggestion. > > or, since we're really talking about cookies here ... > > CookielessRequest > CookieFreeRequest > SugarFreeRequest > IncognitoRequest (playing off of Chrome's "Incognito" mode, which > doesn't use your browser's normal cookie store) Cookies are not the only issue. Another key difference is not sending headers that identify the site making the request (e.g. Origin or Referer). Secondary issues are other forms of client authentication such as HTTP authentication and SSL client certificates. Those are not very commonly used on public Web sites, but they need to be excluded for the proposed API to be secure. On Apr 22, 2010, at 11:37 AM, Tab Atkins Jr. wrote: > Count me as one web developer who won't miss the annoying and > inaccurate "XH" from any future "R"s. I think that dropping them now > won't be very confusing (the Request part has always been the > meaningful one for me), and it then opens the door for future types of > Requests to just share in the Request name, not the full baggage-laden > XHR name. If we do drop the "XH" that gives us the freedom to be a little more verbose in the rest of the name, if we so choose. Regards, Maciej
Received on Thursday, 22 April 2010 18:50:38 UTC