- From: Charles Pritchard <chuck@jumis.com>
- Date: Thu, 26 Aug 2010 17:24:34 -0700
On 8/25/2010 2:02 PM, Ian Hickson wrote:
> On Mon, 2 Aug 2010, Charles Pritchard wrote:
>>> [ UAs can use<input type=file> to let the user enter remote URLs ]
>> When a user through selection, click+drag or manual entry of a URL
>> should the browser still submit an Origin request header? It seems that
>> CORS doesn't come into effect here -- but at the same time, it'd be
>> handy for logging purposes and added security.
> I don't think there'd be an origin, but that's rather up to the user
> agent. (In this case it's acting on behalf of the user, not the page, so I
> don't think it makes sense to give the page's origin.)
Sounds like an implementer would not include a Referer header, either.
...
Continuing on with tweaking URLs to work with with the File API:
Chrome has gone ahead with their setData proposal, enhancing the
event.dataTransfer
object so that users may drag a file from within the browser onto their
desktop.
The extension uses setData with a key of DownloadURL and a value
including a mime type,
file descriptor and URI.
I'd like this interface to work within ondrop; if getData(DownloadURL)
is set,
then a FileList would be returned in event.dataTransfer.files, much like
it is when
users drag files from their desktop into the browser.
This would of course require Origin checks; whereas dragging onto the
desktop
does not require an Origin check.
...
Here's the current example of setData(DownloadURL) and my comments.
https://code.google.com/p/html5rocks/issues/detail?id=136
var dragElem = document.getElementById("ID_Element_to_be_dragged");
dragElem.addEventListener(
"dragstart",
function(event) {
event.dataTransfer.setData(
"DownloadURL",
"application/pdf:sample.pdf:http://example.com/example-download-data");
},
false
);
Received on Thursday, 26 August 2010 17:24:34 UTC