- From: Jonas Sicking <jonas@sicking.cc>
- Date: Tue, 15 Nov 2011 11:33:38 -0800
- To: Anne van Kesteren <annevk@opera.com>
- Cc: Webapps WG <public-webapps@w3.org>, Olli Pettay <Olli.Pettay@helsinki.fi>, "olli@pettay.fi" <olli@pettay.fi>
On Tue, Nov 15, 2011 at 4:22 AM, Anne van Kesteren <annevk@opera.com> wrote: > On Mon, 14 Nov 2011 17:55:25 +0100, Jonas Sicking <jonas@sicking.cc> wrote: >> >> Yes, I think cross-origin should not work with sync. That is currently the >> only synchronous communication mechanism cross origin. Without it a UA >> could put up UI if it wants to explicitly allow users to control such >> communication. > > Eww. But you agree with my suggestion about exceptions? I can put that in > the specification and push to get it implemented in Opera, but it would help > if you said you agreed with the specifics to avoid surprises down the road. So if I understand the proposal correctly: After .open has been called with async=false: * setting .responseType to anything other than "" throws InvalidAccessError * setting .wirthCredentials to true throws InvalidAccessError Additionally, when calling .open with async=false, throw InvalidAccessError if .responseType is set to anything other than "" or .withCredentials is true. If that's the proposal, then this sounds good to me. / Jonas
Received on Tuesday, 15 November 2011 19:35:03 UTC