Re: [XHR2] new XMLHttpRequest(anon)

On Tue, 16 Feb 2010 19:53:22 +0100, Jonas Sicking <jonas@sicking.cc> wrote:
> Hmm.. I have three concerns.
>
> 1. There's a risk of breaking existing content
> 2. I'd fairly strongly prefer to default to *not* sending credentials.

You get that if you use the new constructor.


> It's better that people by default get a simpler security model, and
> if really needed, opt in to getting a more complex one. I wouldn't
> want people to end up setting up the server to accepting requests with
> credentials because they don't know about credential-less requests, or
> because the back end developer is a stronger developer than the front
> end developer and so the team ends up deciding to make the change
> there.

I don't really get the latter justification. The back end can always  
ignore the credentials.


> 3. The new syntax is fairly unintuitive. I would prefer to use a
> separate constructor, like AnonXMLHttpRequest.

Given the limited new functionality I thought it would be best to not  
further clutter the global object.


-- 
Anne van Kesteren
http://annevankesteren.nl/

Received on Wednesday, 17 February 2010 08:25:29 UTC