On Apr 14, 2009, at 6:33 AM, ext Thomas Roessler wrote:
So, to pick up on this discussion again -- I don't think we've had a
useful conclusion whether or not the client-side JavaScript code ought
to explicitly enable cross-site requests (as Tyler suggests, and as IE
implements in XDR) or not.
All things considered, any thoughts?
I tend to think that when adding new semantics, it generally makes
sense to add new syntax to support those semantics and in this case
that it would be better to err on the side of caution even if the
mechanism chosen isn't particularly friendly to the app developer.
Yes, it would be good to get others thoughts on this, particularly
those that have implemented CORS.
-Regards, Art Barstow
--
Thomas Roessler, W3C <t...@w3.org>
On 8 Apr 2009, at 20:07, Jonas Sicking wrote:
On Wed, Apr 8, 2009 at 2:23 AM, Thomas Roessler <t...@w3.org> wrote:
Incidentally, just framing this as "XHR vs XDR" is a bit
simplistic: E.g.,
one could imagine a method "enableCrossSiteRequests" (or something
like
that) which needs to be invoked before XHR can do cross site
requests.
Oh, indeed. I didn't mean to frame it as an "XHR vs XDR" thing.
There's certainly other ways of doing it. Tyler also proposed adding
an argument to the XHR constructor.
/ Jonas
