On Tue, 10 Nov 2009 14:31:24 +0100, Julian Reschke <[email protected]>
wrote:
Silvia Pfeiffer wrote:
...
Further, Benno suggests extending http://www.w3.org/TR/XMLHttpRequest/
with a property to disable following redirects automatically so as to
be able to expose the redirection.
I am not aware if somebody else has suggested these use cases for CORS
and XMLHttpRequest before (this may not even be the right fora for
it), but since these are so closely linked to what we do in HTML5, I
thought it would be good to point it out. I would think that at
minimum Anne knows what to do with it, since he is editor on both.
...
Extending XMLHttpRequest for better control over redirects certainly
would be a good thing.
Note that there's work-in-progress of adding "proper" HTTP support to
the Netscape plugin API (see
<https://wiki.mozilla.org/Plugins:GenericHttpMethod>), where we have the
same feature request, and it would be good to align this with
XmlHttpRequest semantics.
I'm still not sure whether this should be combined with disabling
automatic authentication dialogs if request username and request password
are both null.
I suppose it is probably simpler to have a separate attribute for each and
admittedly most requests have been for redirects and not for the HTTP
authentication.
We could introduce an attribute with similar properties as timeout and
withCredentials called followRedirects that by default is true but can be
set to false.
What do implementors think?
--
Anne van Kesteren
http://annevankesteren.nl/
