Anne van Kesteren wrote:
I changed my mind on several things below.
On Fri, 16 May 2008 13:37:54 +0200, Anne van Kesteren <[EMAIL PROTECTED]>
wrote:
On Fri, 16 May 2008 02:07:57 +0200, Ian Hickson <[EMAIL PROTECTED]> wrote:
Anne, can you summarise what needs doing to XHR2 and AC to move them
forwards to last call? Is there a list of outstanding comments anywhere?
XMLHttpRequest Level 2
* Depends on XMLHttpRequest Level 1 feedback:
http://dev.w3.org/2006/webapi/XMLHttpRequest/disposition-of-comments-2
* It needs an introduction at some point. (Though not per se for Last
Call I suppose.)
This is both still true though I made some progress incorperating
feedback. (Need to make sure everything relevant made XMLHttpRequest 2
too though.
Access Control for Cross-Site Requests
* Need to deal with Access-Control-Policy-Path normalization
Done.
I think we do need to deal with this. Just leaving it be will I think
will cause exploitable servers out there.
* Need to figure out if we want the server to whitelist
headers/methods (we had methods before and then dropped it)
I changed my mind on this. Given the reply from Björn in particular I
don't think there's anything that needs to be done here.
I strongly disagree here. Sorry about being slow to reply, will make
sure that happens today.
* Need to figure out if we want the server to opt in to
cookies/credentials
I rejected this proposal in another e-mail.
Same thing here.
/ Jonas
