- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 10 May 2010 13:05:25 +0200
- To: "WebApps WG" <public-webapps@w3.org>
After considering the various names for constructing an XMLHttpRequest object that when fetching would not expose the origin and user credentials I decided to go with AnonXMLHttpRequest(). It was already in the draft as a boolean argument for the constructor, but feedback from Maciej indicated that it was not good enough[1]. I also aligned the definition of user credentials with that of CORS: http://dev.w3.org/2006/webapi/XMLHttpRequest-2/ http://dev.w3.org/2006/webapi/XMLHttpRequest-2/#dom-anonxmlhttprequest http://dev.w3.org/2006/webapi/XMLHttpRequest-2/#user-credentials Mark Miller has argued that AnonXMLHttpRequest might be misleading, but from talking with Web developers -- asking them what they thought the effect on the request would be -- it seems that from * UniformXMLHttpRequest * AnonXMLHttpRequest * GuestXMLHttpRequest * NoContextXMLHttpRequest AnonXMLHttpRequest was the most well understood. I do not think anybody will be confused that you can still include some kind of identifying token in the entity body or a request header and that the browser will not magically filter it out. Mark Miller and Tab Atkins both argued against re-using XMLHttpRequest because it was not limited to XML and because it could also be used for HTTPS. The latter of those arguments is actually wrong. HTTPS is not a different protocol from HTTP, it is just a different URL scheme. (To be fair, browsers typically allow using XMLHttpRequest on the local file system.) Even so, XMLHttpRequest is the way to do requests from JavaScript and the new constructor will expose an object that is identical to it. In fact, it inherits from it and shares the prototype chain. So I decided it was a) better to follow convention for interfaces that inherit and b) that since it is very similar in nature it should be similar in name, even though the name is not technically sound for historical reasons. [1]<http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0210.html> -- Anne van Kesteren http://annevankesteren.nl/
Received on Monday, 10 May 2010 11:06:17 UTC