W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

[MIX] Modifications to script APIs

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 30 Oct 2014 14:48:05 +0100
Message-ID: <CADnb78jWvN=MBcSS_KvDLy3YWR+LVT1fBQu1_nC4Giv2kkeGQA@mail.gmail.com>
To: WebAppSec WG <public-webappsec@w3.org>
I'm pretty sure I raised this before.

Throwing from XMLHttpRequest's open() method for something that is
effectively a network error is not acceptable. This should happen
asynchronously during send() as part of the integration between Fetch
and Mixed Content.

The same comment applies to EventSource.

WebSocket is somewhat harder since it does not go through Fetch, but I
think we want the same principle to apply there.


-- 
https://annevankesteren.nl/
Received on Thursday, 30 October 2014 13:48:32 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC