- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Sun, 17 Mar 2013 09:16:03 +0000
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: WHATWG <whatwg@whatwg.org>
On Sun, Mar 17, 2013 at 1:10 AM, Jonas Sicking <jonas@sicking.cc> wrote: > On Mon, Mar 11, 2013 at 4:31 AM, Anne van Kesteren <annevk@annevk.nl> wrote: >> Preceded the specification? I doubt that. When was it added? The >> specification was done start of 2010 somewhere based on the >> requirements coming from UMP: >> http://lists.w3.org/Archives/Public/public-webapps/2010JanMar/0340.html > > I see that my attempt at focusing on the important issues failed. > Would you like to debate whether the new syntax constitutes a new > feature or would you like to debate the technical issues of whether we > want the a) and b) behavior? I tried to address both by pointing to UMP which wants both a) and b). The alternative would be to use <iframe sandbox=allow-scripts> which exhibits the same behavior given the unique origin (that also blocks Referer). I believe at least Maciej expressed interest in supporting the UMP use case. If anon:true means no more than withCredentials=false we should call it withCredentials instead as EventSource does at the moment. Although given XMLHttpRequest already has withCredentials there would be nothing new in that addition and generally we've refrained from adding such duplicate features. -- http://annevankesteren.nl/
Received on Sunday, 17 March 2013 09:16:38 UTC