Jonas - would please elaborate on your concerns regarding these three
comments/issues? I would like to see the WG get consensus on these
before we propose advancing the spec to Last Call.
More explicit details below.
-Regards, Art Barstow
On May 25, 2008, at 1:30 PM, ext Jonas Sicking wrote:
Anne van Kesteren wrote:
I changed my mind on several things below.
On Fri, 16 May 2008 13:37:54 +0200, Anne van Kesteren
<[EMAIL PROTECTED]> wrote:
On Fri, 16 May 2008 02:07:57 +0200, Ian Hickson <[EMAIL PROTECTED]>
wrote:
Anne, can you summarise what needs doing to XHR2 and AC to move
them
forwards to last call? Is there a list of outstanding comments
anywhere?
XMLHttpRequest Level 2
* Depends on XMLHttpRequest Level 1 feedback: http://dev.w3.org/
2006/webapi/XMLHttpRequest/disposition-of-comments-2
* It needs an introduction at some point. (Though not per se for
Last Call I suppose.)
This is both still true though I made some progress incorperating
feedback. (Need to make sure everything relevant made
XMLHttpRequest 2 too though.
Access Control for Cross-Site Requests
* Need to deal with Access-Control-Policy-Path normalization
Done.
I think we do need to deal with this. Just leaving it be will I
think will cause exploitable servers out there.
Do you have a counter-proposal and/or other inputs on what should be
done?
* Need to figure out if we want the server to whitelist headers/
methods (we had methods before and then dropped it)
I changed my mind on this. Given the reply from Björn in
particular I don't think there's anything that needs to be done here.
I strongly disagree here. Sorry about being slow to reply, will
make sure that happens today.
Looking forward to your comments.
* Need to figure out if we want the server to opt in to cookies/
credentials
I rejected this proposal in another e-mail.
Same thing here.
Again, looking forward to your comments.
