Re: [UMP] Feedback on UMP from a quick read

One more question: the draft doesn't seem to provide any way to
generate a uniform request.  Are we planning to have another
specification for an API for generating these requests?


On Fri, Jan 8, 2010 at 1:41 PM, Adam Barth wrote:
> [[
> In particular, the user agent should not add the HTTP headers:
> User-Agent, Accept, Accept-Language, Accept-Encoding, or
> Accept-Charset
> ]]
> This seems a bit overly constrictive.  Maybe we should send "Accept: */*", etc?
> More generally, I suspect the requirements in Section 3.2 violate
> various HTTP RFCs.  Maybe we should use the term "willful violation"
> somewhere?
> [[
> If the response to a uniform request is an HTTP redirect, it is
> handled as specified by [HTTP], whether or not the redirect is itself
> a uniform response. If the redirect is not a uniform response, the
> user-agent must still prevent the requesting content from accessing
> the content of the redirect itself, though a response to a redirected
> request might be accessible if it is a uniform response. If the
> response to a uniform request is an HTTP redirect, any redirected
> request must also be a uniform request.
> ]]
> This seems looser than needed.  It would be better if the redirect had
> to be a uniform response also.  There's a note in the spec "The HTML
> <form> element can also follow any redirect, without restriction by
> the Same Origin Policy", but the <form> element also sends Accept and
> User-Agent headers.  What's the reason for excluding the headers but
> not requiring redirects to be uniform responses?
> What happens with Set-Cookie headers included in uniform responses?
> It seems like we ought to ignore them based on the principle that UMP
> requests are made from a state store / context that is completely
> separate from the user agent's normal state store / context.
> Adam

Received on Friday, 8 January 2010 22:54:20 UTC