- From: Hallvord Reiar Michaelsen Steen <hallvord@opera.com>
- Date: Thu, 30 May 2013 14:30:21 +0200
- To: "Anne van Kesteren" <annevk@annevk.nl>
- Cc: ๏̯͡๏ Jasvir Nagra <jasvir@google.com>, "Julian Aubourg" <j@ubourg.net>, "Jungkee Song" <jungkees@gmail.com>, "John Kemp" <john@jkemp.net>, nathan <nathan@webr3.org>, "art.barstow" <art.barstow@nokia.com>, "Devdatta Akhawe" <dev.akhawe@gmail.com>, "Ian Hickson" <ian@hixie.ch>, "Tab Atkins Jr." <jackalmage@gmail.com>, w3c <w3c@adambarth.com>, ojan <ojan@chromium.org>, "Dirk Pranke" <dpranke@chromium.org>, mjs <mjs@apple.com>, "Tyler Close" <tyler.close@gmail.com>, public-webapps <public-webapps@w3.org>, "Charles McCathie Nevile" <chaals@yandex-team.ru>, "Mark S. Miller" <erights@google.com>, "Jonas Sicking" <jonas@sicking.cc>
> > OK then - Anne and others, what do you think about creating a new tri-state xhr.credentialsPolicy property and discouraging usage of xhr.withCredentials ? > > I think I'd prefer removing the constructor flag and leaving new > features to the API for Fetch. Sorry, I don't understand what you meant by this sentence. Fetch already has the required "underpinnings" for this tri-state flag: http://fetch.spec.whatwg.org/#concept-request-omit-credentials-mode "A request has an associated omit credentials mode, which is one of always, CORS, and never." which maps exactly to credentialsPolicy: "omit credentials mode": always == credentialsPolicy: never (naming can be discussed, withCredentials='never' would be more intuitive but as we're not redefining withCredentials.. Maybe credentialsPolicy = 'nocredentials' ?) "omit credentials mode": CORS == credentialsPolicy: 'samedomain' "omit credentials mode": never == credentialsPolicy: 'always' So creating a new tri-state property in the XHR spec should also simplify integration with the Fetch spec. > Also, we still need to nail down the > details of withCredentials. Questions raised in > http://lists.w3.org/Archives/Public/public-webapps/2013AprJun/0499.html > have gone without conclusive answers. I'm afraid I have no idea what the answers are.. -- Hallvord R. M. Steen Core tester, Opera Software
Received on Thursday, 30 May 2013 12:31:28 UTC