[Bug 15257] New: Should synchronous flag be cleared after state is set to UNSENT or DONE?

2011-12-17 Thread bugzilla 
https://www.w3.org/Bugs/Public/show_bug.cgi?id=15257

   Summary: Should synchronous flag be cleared after state is set
to UNSENT or DONE?
   Product: WebAppsWG
   Version: unspecified
  Platform: PC
OS/Version: Linux
Status: NEW
  Severity: normal
  Priority: P2
 Component: XHR 2.0
AssignedTo: ann...@opera.com
ReportedBy: olli.pet...@gmail.com
 QAContact: member-webapi-...@w3.org
CC: m...@w3.org, public-webapps@w3.org


If someone tries to reuse sync XHR later as async XHR, setting
for example timeout after the sync XHR has succeeded doesn't work before
calling open().
Is there any reason to keep sync flag after abort() or successful request?

-- 
Configure bugmail: https://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are on the CC list for the bug.

Re: [XHR] chunked requests

2011-12-17 Thread Adam Barth 
On Sat, Dec 17, 2011 at 6:11 AM, Anne van Kesteren  wrote:
> On Fri, 09 Dec 2011 19:54:31 +0100, Eric Rescorla  wrote:
>>
>> Unfortunately, many servers do not support TLS 1.1, and to make matters
>> worse, they do so in a way that is not securely verifiable. By which I
>> mean that an active attacker can force a client/server pair both of which
>> support TLS 1.1 down to TLS 1.0. This may be detectable in some way, but not
>> by TLS's built-in mechanisms. And since the threat model here is an active
>> attacker, this is a problem.
>
> It seems user agents are addressing this issue in general by simply removing
> support for those servers so we might not have to define anything here and
> just leave it to the TLS standards:
>
> http://my.opera.com/securitygroup/blog/2011/12/11/opera-11-60-and-new-problems-with-some-secure-servers

I would still add a security consideration so folks who implement this
are aware that the two issues are related.

Adam

Re: XBL2, Component Model and WebApps' Rechartering [Was: Re: Consolidating charter changes]

2011-12-17 Thread Olli Pettay 

On 12/17/2011 04:30 PM, Anne van Kesteren wrote:

On Thu, 24 Nov 2011 14:08:55 +0100, Arthur Barstow
 wrote:

All - What are the opinions on what, if anything, to do with XBL2
vis-a-vis the charter update? Leave it on the REC track, stop work and
publish it as a WG Note, something else?


I would leave it as, but add a note we might abandon it at some point in
favor of Components. No need to make an early call on that.


That sounds good to me.


-Olli







[1] http://www.w3.org/2008/webapps/wiki/CharterChanges#Additions_Agreed

Re: CfC: add Quota API to WebApps' charter; deadline December 20

2011-12-17 Thread Charles McCathieNevile 
On Fri, 16 Dec 2011 10:10:45 +0100, Kinuko Yasuda   
wrote:


On Thu, Dec 15, 2011 at 9:19 PM, Arthur Barstow  
wrote:



Hi Kinuko, All,

Besides the Chromium team, I think it would be helpful if other browser
vendors would state their level of interest for this API (e.g. would  
review drafts, prototype, deploy, etc.).


We will at least review - in principle this is really useful for  
application developers.


(Comment 1 - why does this need to use callbacks?)

Kinuko - do you have a commitment for the Editor role and testing  
related tasks e.g. creating a test suite?



Yes I'm willing to play the Editor role.
As for the testing related tasks I'm not fully sure the necessary steps  
and deliverables,


Making sure there are tests for the specification so it can be completed  
and anyone can use them to demonstrate interoperability between any two  
implementations...


Given the basic nature of the spec I guess it doesn't need to be an  
enormous test suite - the most complex question is probably checking that  
it really works as advertised with different types of storage. (Although I  
am not sure what the quota would actually *mean* for a database).



but yes I'm willing to do the tasks that need to be done to
move this forward.


In light of the above explanation?

cheers

Chaals


-AB



On 12/13/11 7:23 AM, ext Arthur Barstow wrote:


Subject corrected ...

On 12/13/11 7:22 AM, Arthur Barstow wrote:


As IanF mentioned before, Google would like to add a Quota API to
WebApps' charter and Kinuko has now provided a link to a document that
provides some details about this API:

  http://wiki.whatwg.org/wiki/**Quota

As such, this is a Call for Consensus to add this API to WebApps'
charter (see [CharterChanges] for latest data on WebApps' charter  
update).


If you have any comments or concerns about this proposal, please send
them to public-webapps by December 20 at the latest.

As with all of our CfCs, positive response is preferred and encouraged
and silence will be assumed to be agreement with the proposal.

-AB

[CharterChanges]  
http://www.w3.org/2008/**webapps/wiki/CharterChanges



 Original Message 
Subject: Re: Quota API and WebApps [Was: Re: Consolidating charter
changes]
Date: Tue, 13 Dec 2011 17:22:38 +0900
From: ext Kinuko Yasuda 
To: Arthur Barstow 
CC: public-webapps , Ian Fette <
ife...@google.com>



Hi Arthur,

On Wed, Nov 23, 2011 at 10:20 PM, Arthur Barstow  

art.bars...@nokia.com>**> wrote:

  Hi IanF, All,

  Following up on Quota API vis-à-visCharterChanges wiki [1] ...

  Does the group want to add Quota API to the group's charter? If yes,
  where is a draft/strawman proposal?


We have an early draft for Quota API spec here:
http://wiki.whatwg.org/wiki/**Quota  



I think we want to add it to the group's charter.

  -AB

  [1]  
http://www.w3.org/2008/**webapps/wiki/CharterChanges


  On 11/8/11 12:37 PM, ext Arthur Barstow wrote:

  During the October 31 meeting, we discussed [1] various
  additions, changes and deletions for WebApps' current charter
  [2]. To consolidate the various proposals, I created the
  following doc:


>

  My expectation is that Doug will this information when he drafts
  our updated charter.

  Comments on this doc and our future charter welcome. However, if
  we are going to add any new deliverables, I think there should
  be broad agreement on the spec, including prior commitment to
  drive the spec through all of the phases of the process
  including testing and implementations.

  Chaals, IanF - I included some actions/questions for you (mostly
  recorded at the f2f meeting).

  -AB

  [1]  
http://www.w3.org/2011/10/31-**webapps-minutes.html
  [2]  
http://www.w3.org/2010/**webapps/charter/











--
Charles 'chaals' McCathieNevile  Opera Software, Standards Group
je parle français -- hablo español -- jeg kan litt norsk
http://my.opera.com/chaals   Try Opera: http://www.opera.com

Re: [CORS] Does "Origin" have to be included in the "Access-Control-Request-Headers" field?

2011-12-17 Thread Anne van Kesteren 
On Fri, 29 Jul 2011 14:25:07 +0200, Vladimir Dzhuvinov  
 wrote:

Regarding "6. Resource processing model": [item 3] "A list of headers
consisting of zero or more header field names that are supported by
the resource.":

Is this list supposed to be

1) of the non-simple headers only - as per
http://dev.w3.org/2006/waf/access-control/#simple-header or

2) of all supported headers that the author may choose to set,
including those that qualify as simple?

Because right now the Java CORS filter expects to receive only
non-simple headers in "Access-Control-Request-Headers", and if for
some reason the browser has decided to include a simple header, e.g.
"Accept", in the preflight request it won't be allowed to proceed.


My apologies for forgetting to reply to this message. Fortunately it was  
still somewhere in my inbox! It seems your Java CORS filter has a bug as  
simple headers can be included there (for consistency).



--
Anne van Kesteren
http://annevankesteren.nl/

Re: XBL2, Component Model and WebApps' Rechartering [Was: Re: Consolidating charter changes]

2011-12-17 Thread Anne van Kesteren 
On Thu, 24 Nov 2011 14:08:55 +0100, Arthur Barstow   
wrote:
All - What are the opinions on what, if anything, to do with XBL2  
vis-a-vis the charter update? Leave it on the REC track, stop work and  
publish it as a WG Note, something else?


I would leave it as, but add a note we might abandon it at some point in  
favor of Components. No need to make an early call on that.




[1] http://www.w3.org/2008/webapps/wiki/CharterChanges#Additions_Agreed



--
Anne van Kesteren
http://annevankesteren.nl/

Re: [XHR] chunked requests

2011-12-17 Thread Anne van Kesteren 

On Fri, 09 Dec 2011 19:54:31 +0100, Eric Rescorla  wrote:

Unfortunately, many servers do not support TLS 1.1, and to make matters
worse, they do so in a way that is not securely verifiable. By which I  
mean that an active attacker can force a client/server pair both of  
which support TLS 1.1 down to TLS 1.0. This may be detectable in some  
way, but not
by TLS's built-in mechanisms. And since the threat model here is an  
active attacker, this is a problem.


It seems user agents are addressing this issue in general by simply  
removing support for those servers so we might not have to define anything  
here and just leave it to the TLS standards:


http://my.opera.com/securitygroup/blog/2011/12/11/opera-11-60-and-new-problems-with-some-secure-servers


--
Anne van Kesteren
http://annevankesteren.nl/