On Mon, May 6, 2013 at 7:57 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Mon, May 6, 2013 at 5:45 PM, Jonas Sicking <jonas@sicking.cc> wrote:
> > On Mon, May 6, 2013 at 4:28 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> >> Okay. So that fails for XMLHttpRequest :-(
> >
> > What do you mean? Those are the steps we take for XHR requests too.
>
> So e.g. open() needs to do URL parsing (per XHR spec), send() would
> cause CSP to fail (per CSP spec), send() also does the fetch (per XHR
> spec). Overall it seems like a different model from the other APIs,
> but maybe I'm missing something?
>
XHR isn't so different from other APIs, it's just that the separation of
"URL enters the API" and "the fetch is started" is more obvious, and more
easily controlled from script. I think that makes it a really good test
case.
--
Glenn Maynard