On Sun, 22 Jun 2008 10:32:50 +0200, Jonas Sicking [EMAIL PROTECTED] wrote:
Bjoern Hoehrmann wrote:
* Jonas Sicking wrote:
It makes no sense to me to for HTTP say that the total number of bytes
should include HTTP headers. It would be similar to including the TCP
headers in the IP packets
Followup to webapps group please (reply-to set for this mail)
On Mon, 02 Jun 2008 23:56:22 +0200, Jonas Sicking [EMAIL PROTECTED] wrote:
Charles McCathieNevile wrote:
On Sat, 31 May 2008 01:05:44 +0200, Jonas Sicking [EMAIL PROTECTED]
I wanted to implement the ElementTraversal spec for
Charles McCathieNevile wrote:
Followup to webapps group please (reply-to set for this mail)
On Mon, 02 Jun 2008 23:56:22 +0200, Jonas Sicking [EMAIL PROTECTED] wrote:
Charles McCathieNevile wrote:
On Sat, 31 May 2008 01:05:44 +0200, Jonas Sicking [EMAIL PROTECTED]
I wanted to implement
Zhenbin Xu wrote:
It should be revised to:
responseText:
If the state is not DONE, raise an INVALID_STATE_ERR exception and terminate
these steps.
This doesn't seem very consistent with the other response properties
though. Seems like .getResponseHeader and .getAllResponseHeaders work
Charles McCathieNevile wrote:
On Sun, 22 Jun 2008 10:32:50 +0200, Jonas Sicking [EMAIL PROTECTED] wrote:
Bjoern Hoehrmann wrote:
* Jonas Sicking wrote:
It makes no sense to me to for HTTP say that the total number of
bytes should include HTTP headers. It would be similar to including
the
Hi folks,
the agenda and logistics page for the meeting will be shortly available to
working group members (Sunava, can you please ask your AC rep to ensure
that you guys have joined by the time we have the meeting?).
I have one question - although I am the chair, and the co-chair is not
I am fine with the first meeting starting after lunchtime. It gives us a chance
to chat with members and mingle before we get down to the meat and potatoes!
-Original Message-
From: [EMAIL PROTECTED] [mailto:public-webapps-
[EMAIL PROTECTED] On Behalf Of Charles McCathieNevile
Sent:
ISSUE-10 (client-server): Client and Server model [Access Control]
http://www.w3.org/2008/webapps/track/issues/
Raised by: Arthur Barstow
On product: Access Control
[[ This issue was created on 2008-01-04 as Issue #20 in the Web Applications
Formats (WAF) WG and is copied in totality to the
* Gavin Sharp wrote:
It does seem quite unreasonable. Why do you think it would be a
serious breach of protocol? Which protocol? Making approval of
logging contingent on the presence of the bot in channel seems rather
arbitrary. Why not just say that approval for logging is implicit for
anyone
ISSUE-11 (security-model): What is the Security Model for the access-control
spec? [Access Control]
http://www.w3.org/2008/webapps/track/issues/
Raised by: Arthur Barstow
On product: Access Control
[[ This issue was created on 2008-01-15 as Issue #21 in the Web Applications
Formats (WAF) WG
ISSUE-12 (access-control-policy-path): IIS and Access-Control-Policy-Path
[Access Control]
http://www.w3.org/2008/webapps/track/issues/
Raised by: Anne van Kesteren
On product: Access Control
[[ This issue was created on 2008-06-06 as Issue #25 in the Web Applications
Formats (WAF) WG and is
ISSUE-13 (opting-into-cookies): Opting into cookies [Access Control]
http://www.w3.org/2008/webapps/track/issues/
Raised by: Anne van Kesteren
On product: Access Control
[[ This issue was created on 2008-06-06 as Issue #26 in the Web Applications
Formats (WAF) WG and is copied in totality to
ISSUE-14 (opt-into-methods-headers): Opting into methods/headers [Access
Control]
http://www.w3.org/2008/webapps/track/issues/
Raised by: Anne van Kesteren
On product: Access Control
[[ This issue was created on 2008-06-06 as Issue #27 in the Web Applications
Formats (WAF) WG and is copied
* Jonas Sicking wrote:
Is anyone ever going to be able to get any useful size data for the
headers anyway though? I.e. if we allow headers to be counted as part of
the size, is anyone ever going to be able to do that?
To be able to do that you'd have to have some sort of out-of-band
metadata
* Jonas Sicking wrote:
I'm not quite following what you are asking here. My proposal is about
giving a site the ability to enable two modes of Access-Control:
1. Allow a third-party site to read the data on this resource, and/or
perform unsafe methods in HTTP requests to this resource. When
Hi all,
the draft says that the initial value for upload complete flag is false
and then there are several ways to get it set to true. But when is the
value set back to false if XHR object is reused?
Perhaps '3.5.3 Initiating a Request', right after step 2?
-Olli
I don't think we have seen any alternative proposals for putting the
policy *enforcement* on the server. It also seems very hard to me to
rely on the server enforcing the policy, while still protecting legacy
servers, since they currently do not perform any such enforcement.
What I have
On Mon, Jun 23, 2008 at 2:35 PM, Jonas Sicking [EMAIL PROTECTED] wrote:
What I have seen suggestions for though is a simpler policy language that
doesn't send a full white-list to the client, but rather just a yes/no
decision to the client.
If we go this route, we should be careful about
Thanks for the info. Chris is working on getting us signed up before the
meeting!
Meanwhile, I'm fine with a Tues noon start.
I've also requested we discuss our feedback on AC on Tuesday as Eric, our
security PM is out of office Wed and Thursday. Let me know what we finally
decide on both
Hi, Jonas, Daniel-
Jonas Sicking wrote (on 6/23/08 2:03 PM):
What about the issue I raised here:
http://lists.w3.org/Archives/Public/public-webapps/2008AprJun/0214.html
Which no one replied to.
If you implement the HTML DOM you should already have code that not only
filters out elements,
The meeting says Tuesday through Thursday 24th - 26 June 2008 in the Overview
section.
I just had a heart attack till I realized that's probably (keeping fingers
crossed) a mistake??
-:)
-Original Message-
From: Michael(tm) Smith [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23,
Bjoern Hoehrmann wrote:
* Jonas Sicking wrote:
I'm not quite following what you are asking here. My proposal is about
giving a site the ability to enable two modes of Access-Control:
1. Allow a third-party site to read the data on this resource, and/or
perform unsafe methods in HTTP
Sounds good to me.
/ Jonas
Doug Schepers wrote:
Hi, Jonas, Daniel-
Jonas Sicking wrote (on 6/23/08 2:03 PM):
What about the issue I raised here:
http://lists.w3.org/Archives/Public/public-webapps/2008AprJun/0214.html
Which no one replied to.
If you implement the HTML DOM you should
On Jun 23, 2008, at 11:23 AM, Charles McCathieNevile wrote:
Hi folks,
the agenda and logistics page for the meeting will be shortly
available to working group members (Sunava, can you please ask your
AC rep to ensure that you guys have joined by the time we have the
meeting?).
I
On Thu, May 1, 2008 at 1:33 AM, Arve Bersvendsen [EMAIL PROTECTED] wrote:
Attached is a document providing some initial input on a security model for
a widget, that should provide a rough draft for providing the/a widget
security model.
Note that the document is not to be treated as input
Hi, Folks-
Fixed.
Sunava, you can put away the heart meds. :)
-Doug
Charles McCathieNevile wrote (on 6/24/08 12:10 AM):
On Tue, 24 Jun 2008 01:30:39 +0200, Sunava Dutta
[EMAIL PROTECTED] wrote:
The meeting says Tuesday through Thursday 24th - 26 June 2008 in the
Overview section.
I
On Tue, 24 Jun 2008 03:43:38 +0200, Maciej Stachowiak [EMAIL PROTECTED]
wrote:
On Jun 23, 2008, at 11:23 AM, Charles McCathieNevile wrote:
Hi folks,
the agenda and logistics page for the meeting will be shortly available
to working group members (Sunava, can you please ask your AC rep
Doug Schepers wrote:
I will create an Element Nodelist specification right away, and if it is
approved to go forward (and I don't see why it wouldn't be, since there
is considerable support), I am confident that this would not slow down
deployment in desktop browsers, and so authors should
28 matches
Mail list logo