[Bug 17242] New: Consider doing anonymous requests as a constructor argument rather than as a separate constructor from bugzilla@jessica.w3.org on 2012-05-30 (public-webapps@w3.org from April to June 2012)

From: <bugzilla@jessica.w3.org>
Date: Wed, 30 May 2012 07:28:04 +0000
To: public-webapps@w3.org
Message-ID: <bug-17242-2927@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=17242

           Summary: Consider doing anonymous requests as a constructor
                    argument rather than as a separate constructor
           Product: WebAppsWG
           Version: unspecified
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: XHR
        AssignedTo: annevk@annevk.nl
        ReportedBy: jonas@sicking.cc
         QAContact: public-webapps-bugzilla@w3.org
                CC: mike@w3.org, public-webapps@w3.org


I propose that we do anonymous requests using something like:

new XMLHttpRequest({ anon: true });

rather than the current

new AnonXMLHttpRequest();


That way we can more easily add other "constructors" which affect the security
model that an XHR object uses.

For example, in B2G we are adding the ability for apps to get permission to get
low-level network access and do things like open raw sockets. As a convenience,
we'd also like to expose the XMLHttpRequest API since that exposes no
additional functionality but is a much easier to use API. In that scenario we
need the ability to instantiate an XHR object which never sends cookies, but
also is allowed to make network requests cross site without relying on CORS.

See https://bugzilla.mozilla.org/show_bug.cgi?id=692677#c39

-- 
Configure bugmail: https://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Received on Wednesday, 30 May 2012 07:28:12 UTC