Consolidating replies a bit...
On Apr 22, 2010, at 11:29 AM, Dirk Pranke wrote:
Here's some new directions ... ContextFreeRequest StatelessRequest SessionlessRequest
All HTTP requests are stateless, and sessionless could mean many things, so I'm not keen on those. ContextFree is a good suggestion.
or, since we're really talking about cookies here ... CookielessRequest CookieFreeRequest SugarFreeRequest IncognitoRequest (playing off of Chrome's "Incognito" mode, which doesn't use your browser's normal cookie store)
Cookies are not the only issue. Another key difference is not sending headers that identify the site making the request (e.g. Origin or Referer). Secondary issues are other forms of client authentication such as HTTP authentication and SSL client certificates. Those are not very commonly used on public Web sites, but they need to be excluded for the proposed API to be secure.
On Apr 22, 2010, at 11:37 AM, Tab Atkins Jr. wrote:
Count me as one web developer who won't miss the annoying and inaccurate "XH" from any future "R"s. I think that dropping them now won't be very confusing (the Request part has always been the meaningful one for me), and it then opens the door for future types of Requests to just share in the Request name, not the full baggage-laden XHR name.
If we do drop the "XH" that gives us the freedom to be a little more verbose in the rest of the name, if we so choose.
Regards, Maciej
