Re: XMLHttpRequest. Support for OPTIONS * method.

support! -- Sincerely yours, Valery Kotov -- Mark Nottingham http://www.mnot.net/

Re: XMLHttpRequest. Support for OPTIONS * method.

On 5 Sep 2014, at 11:03 am, Anne van Kesteren ann...@annevk.nl wrote: On Thu, Sep 4, 2014 at 11:09 PM, Mark Nottingham m...@mnot.net wrote: Huh? OPTIONS * isn’t exactly common, but it’s very much OK by HTTP… Sure. It's not supported by XMLHttpRequest. If you pass * as URL argument

Re: XMLHttpRequest. Support for OPTIONS * method.

by using XMLHttpRequest class? That is not supported. I suspect adding support for it might create a security vulnerability for servers as it is not something they anticipate a browser to do. -- http://annevankesteren.nl/ -- Mark Nottingham http://www.mnot.net/

Re: [push] Consider renaming push notification to push message in the Push API spec

please cc me if you want me to reply. -- Mark Nottingham http://www.mnot.net/

Re: [manifest] HTTP-based solution for loading manifests

. It's totally generic. Best regards, Julian -- Mark Nottingham http://www.mnot.net/

Re: Fixing appcache: a proposal to get us started

URLs. Cheers, -- Mark Nottingham http://www.mnot.net/

Re: Fixing appcache: a proposal to get us started

that one hostname = one app; then the scoping of and separation between apps is intuitive (e.g., fooApp.example.com, barApp.example.com). You could even define a well-known location for the manifest, so that people could just type the hostname in to install / view the app... Cheers, -- Mark

[XHR] Setting the User-Agent header

, -- Mark Nottingham http://www.mnot.net/

Re: Call for Contributors: TAG's Web App Storage work [Was: Re: TAG Comment on Web Storage]

and better coordinated APIs. If this is important to the TAG, it seems like you should add that task to the Web Application Storage work the TAG intends to do. Agreed? -AB [1] http://www.w3.org/2001/tag/2011/sum10#webappstorage -- Mark Nottingham http://www.mnot.net/

Re: TAG Comment on

/html5/offline.html#appcache [3] http://www.w3.org/2011/web-apps-ws/ -- Mark Nottingham http://www.mnot.net/

Re: TAG Comment on

required. -- Mark Nottingham http://www.mnot.net/

[XHR2] Feedback on sec-* headers

., FooAPI-Private: Bar, Boo Cheers, -- Mark Nottingham http://www.mnot.net/

Re: [XHR2] Feedback on sec-* headers

can and can't be set using the XMLHttpRequest API. For example, the XMLHttpRequest API could decide that it can or cannot be used to set the Banana HTTP header as the designers of that API see fit. Adam On Mon, Feb 21, 2011 at 2:38 PM, Mark Nottingham m...@mnot.net wrote: Hello

Re: [XHR2] Feedback on sec-* headers

On 22/02/2011, at 11:39 AM, Adam Barth wrote: On Mon, Feb 21, 2011 at 3:53 PM, Mark Nottingham m...@mnot.net wrote: Probably best to follow up here. Yes, of course it can define the specific headers it can or cannot send. The problem is XHR not only enumerates the headers, it also

Re: [XHR2] Feedback on sec-* headers

on the registration procedure for HTTP headers. Cheers, -- Mark Nottingham http://www.mnot.net/

Re: [cors] 27 July 2010 CORS feedback

On 22/11/2010, at 7:31 PM, Jonas Sicking wrote: On Sun, Nov 21, 2010 at 10:41 PM, Mark Nottingham m...@mnot.net wrote: I looked at the most recent specification and noted a few things. Apologies if these are repeats of earlier feedback, but they're still outstanding. 1) POST is listed

Re: [cors] 27 July 2010 CORS feedback

not, based upon past experience. We've been through this a few times already. Regards, -- Mark Nottingham http://www.mnot.net/

Re: [cors] 27 July 2010 CORS feedback

On 23/11/2010, at 4:23 AM, Jonas Sicking wrote: It's definitely a lot later in the spec-cycle now, but if nothing else it's something that could be added to a version 2 of the specification. That's probably most realistic. Cheers, -- Mark Nottingham http://www.mnot.net/

[cors] 27 July 2010 CORS feedback

- I realise that CORS is already shipping and that implementers are unlikely to change. I just didn't want to let this draft go by without commenting, lest someone mistake it for a good design. Regards, -- Mark Nottingham http://www.mnot.net/

Re: [XHR2] HTTP Trailers

/api.html#response-trailers-206 Cheers, -- Mark Nottingham http://www.mnot.net/

[XHR2] HTTP Trailers

the message is complete, or using a separate property or method if it's felt that keeping them distinct from the normal headers is desirable. E.g., getResponseTrailer(). Cheers, -- Mark Nottingham http://www.mnot.net/

Re: [cors] Web application

client-side so I'm thinking of simply removing client-side within CORS. Cheers, -- Anne van Kesteren http://annevankesteren.nl/ -- Mark Nottingham m...@yahoo-inc.com

Re: [cors] Review

rule out the well-known location solution, I agree it's a very hard problem to solve. -- Mark Nottingham http://www.mnot.net/

Re: [cors] Review

On 16/06/2009, at 12:16 AM, Anne van Kesteren wrote: On Mon, 15 Jun 2009 04:36:28 +0200, Mark Nottingham m...@mnot.net wrote: Content providers wanted the flexbility of not having to list every header in advance. Both so debugging headers and such would not have to be exposed

Re: [cors] Review

Thanks - a few replies below. On 14/06/2009, at 10:24 PM, Anne van Kesteren wrote: On Sun, 14 Jun 2009 03:58:31 +0200, Mark Nottingham m...@mnot.net wrote: As I said, I raised have raised substantive issues before: http://lists.w3.org/Archives/Public/public-appformats/2008Jan/0226.html

Re: [cors] Review

/05/2009, at 5:27 PM, Mark Nottingham wrote: *** Substantial issues * POST as a simple method - POST is listed as a simple method (i.e., one not requiring pre-flight) because there are already security issues that allow an HTML browser to send cross-site POST requests. However, other

[cors] Review

-Allow-Credentials headers... should end in header values because a HTTP header can contain multiple values. -- Mark Nottingham http://www.mnot.net/