- From: Adam Barth <w3c@adambarth.com>
- Date: Fri, 8 Jan 2010 14:53:26 -0800
- To: Tyler Close <tyler.close@gmail.com>
- Cc: public-webapps <public-webapps@w3.org>

One more question: the draft doesn't seem to provide any way to generate a uniform request. Are we planning to have another specification for an API for generating these requests?

Adam

On Fri, Jan 8, 2010 at 1:41 PM, Adam Barth <w3c@adambarth.com> wrote:
> [[
> In particular, the user agent should not add the HTTP headers:
> User-Agent, Accept, Accept-Language, Accept-Encoding, or
> Accept-Charset
> ]]
>
> This seems a bit overly constrictive. Maybe we should send "Accept: */*", etc?
>
> More generally, I suspect the requirements in Section 3.2 violate
> various HTTP RFCs. Maybe we should use the term "willful violation"
> somewhere?
>
> [[
> If the response to a uniform request is an HTTP redirect, it is
> handled as specified by [HTTP], whether or not the redirect is itself
> a uniform response. If the redirect is not a uniform response, the
> user-agent must still prevent the requesting content from accessing
> the content of the redirect itself, though a response to a redirected
> request might be accessible if it is a uniform response. If the
> response to a uniform request is an HTTP redirect, any redirected
> request must also be a uniform request.
> ]]
>
> This seems looser than needed. It would be better if the redirect had
> to be a uniform response also. There's a note in the spec "The HTML
> <form> element can also follow any redirect, without restriction by
> the Same Origin Policy", but the <form> element also sends Accept and
> User-Agent headers. What's the reason for excluding the headers but
> not requiring redirects to be uniform responses?
>
> What happens with Set-Cookie headers included in uniform responses?
> It seems like we ought to ignore them based on the principle that UMP
> requests are made from a state store / context that is completely
> separate from the user agent's normal state store / context.
>
> Adam
>

Received on Friday, 8 January 2010 22:54:20 UTC