- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 16 Feb 2010 16:44:04 +0100
- To: "WebApps WG" <public-webapps@w3.org>
I introduced a new constructor argument for XMLHttpRequest, named anon. This is based on the earlier thread where I suggested that UMP is not needed if we make this small enhancement to XMLHttpRequest. Basically, if the parameter is set to true, the "XMLHttpRequest origin" is forced to be a unique identifier, setting a username and password through open() will throw an INVALID_ACCESS_ERR, and setting withCredentials will likewise throw an INVALID_ACCESS_ERR. All the other desired properties follow automatically. (In fact, the changes to open() would not have been needed.) Now we introduced this I wonder if implementors are willing to consider to: A. Remove withCredentials. The use case for this feature is now rather small and I still think it is rather ugly. B. Also throw an INVALID_ACCESS_ERR for username and password arguments to open() when the URL provided is non same-origin. Now they are just ignored, but it seems better to throw so people are not confused why things are not working. Feedback would be much appreciated! -- Anne van Kesteren http://annevankesteren.nl/
Received on Tuesday, 16 February 2010 15:44:35 UTC