On Fri, 16 May 2008 02:07:57 +0200, Ian Hickson <[EMAIL PROTECTED]> wrote:
Anne, can you summarise what needs doing to XHR2 and AC to move them
forwards to last call? Is there a list of outstanding comments anywhere?
XMLHttpRequest Level 2
* Depends on XMLHttpRequest Level 1 feedback:
http://dev.w3.org/2006/webapi/XMLHttpRequest/disposition-of-comments-2
* It needs an introduction at some point. (Though not per se for Last Call
I suppose.)
Access Control for Cross-Site Requests
* Need to deal with Access-Control-Policy-Path normalization
* Need to figure out if we want the server to whitelist headers/methods
(we had methods before and then dropped it)
* Need to figure out if we want the server to opt in to cookies/credentials
If there's anything I can do to help I'd be happy to do so. I would like
to see this draft reach last call this month if possible.
If you have any ideas on how to solve the non-obvious bits of the above
that would help.
Personally:
* Discouraging the use of Access-Control-Policy-Path other than with a
value of / for IIS works for me.
* Adding the Access-Control-Headers and Access-Control-Methods
conditionals is fine with me.
* I don't think we need to add opt in for cookies/credentials given that
for GET such requests are already possible and for non-GET there's an
OPTIONS opt-in request.
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
