On Jun 21, 2008, at 12:13 AM, Nikunj Mehta wrote:
Hi Art,
Here's a paper that describes the use cases and requirements about
AtomDB. It does not include API details, although if you find this
interesting, we can proceed to that next.
I look forward to reading comments and getting
* Lachlan Hunt wrote:
There is currently no way to disable logging, as the need has never
arisen in any of the other channels. We can note it as a feature
request and it might get implemented one day.
Contrary to what you suggest this has already been requested by several
parties. There is of
* Jonas Sicking wrote:
It makes no sense to me to for HTTP say that the total number of bytes
should include HTTP headers. It would be similar to including the TCP
headers in the IP packets IMHO.
There is a big difference here, an application might not have meaningful
access to the latter, but
* Anne van Kesteren wrote:
Yeah, I'd very much prefer the Progress Events specification to handle
this so that not all other specifications using the Progress Events
specification need to do so. I agree that a protocol agnostic design would
be good, but that indeed doesn't preclude saying
* Jonas Sicking wrote:
First off, as before, when I talk about cookies in this mail I really
mean cookies + digest auth headers + any other headers that carry the
users credentials to a site.
I don't quite see why you would mix these. Is there anywhere where I can
read up on the use cases for an
* Adam Barth wrote:
We suggest that user agents attach an Origin header to POST requests.
This balances the security benefits of easy CSRF protection with the
privacy costs. If user agents attached this header, sites could
protect themselves from CSRF by (2) undertaking state-modify actions
only
* Web Applications Working Group Issue Tracker wrote:
Simon Pieters suggests wording similar to HTML5, in
http://lists.w3.org/Archives/Public/public-webapi/2008Feb/0191.html.
That is not a technically valid solution (and that particular wording
does not, in fact, apply to the core node traversal
* Collin Jackson wrote:
The advantage of the Origin header is that it provides sites with
functionality that can't already be emulated with XMLHttpRequest: it
allows them to distinguish trusted (sub)domains from completely
untrusted domains.
The stated goal was to balance easy protection against