Re: [Fwd: Offline data synchronization API]

On Jun 21, 2008, at 12:13 AM, Nikunj Mehta wrote: Hi Art, Here's a paper that describes the use cases and requirements about AtomDB. It does not include API details, although if you find this interesting, we can proceed to that next. I look forward to reading comments and getting

Re: IRC logging

* Lachlan Hunt wrote: There is currently no way to disable logging, as the need has never arisen in any of the other channels. We can note it as a feature request and it might get implemented one day. Contrary to what you suggest this has already been requested by several parties. There is of

Re: ISSUE-4 (SpecContent): Should specifications decide what counts as content for transfer? [Progress Events]

* Jonas Sicking wrote: It makes no sense to me to for HTTP say that the total number of bytes should include HTTP headers. It would be similar to including the TCP headers in the IP packets IMHO. There is a big difference here, an application might not have meaningful access to the latter, but

Re: ISSUE-4 (SpecContent): Should specifications decide what counts as content for transfer? [Progress Events]

* Anne van Kesteren wrote: Yeah, I'd very much prefer the Progress Events specification to handle this so that not all other specifications using the Progress Events specification need to do so. I agree that a protocol agnostic design would be good, but that indeed doesn't preclude saying

Re: Opting in to cookies - proposal

* Jonas Sicking wrote: First off, as before, when I talk about cookies in this mail I really mean cookies + digest auth headers + any other headers that carry the users credentials to a site. I don't quite see why you would mix these. Is there anywhere where I can read up on the use cases for an

Re: Origin (was: Re: XHR LC Draft Feedback)

* Adam Barth wrote: We suggest that user agents attach an Origin header to POST requests. This balances the security benefits of easy CSRF protection with the privacy costs. If user agents attached this header, sites could protect themselves from CSRF by (2) undertaking state-modify actions only

Re: ISSUE-5 (Unexpanded Entities): Wording for the Treatment of Unexpanded Entity References and Entity Replacement Markup [Element Traversal]

* Web Applications Working Group Issue Tracker wrote: Simon Pieters suggests wording similar to HTML5, in http://lists.w3.org/Archives/Public/public-webapi/2008Feb/0191.html. That is not a technically valid solution (and that particular wording does not, in fact, apply to the core node traversal

Re: Origin (was: Re: XHR LC Draft Feedback)

* Collin Jackson wrote: The advantage of the Origin header is that it provides sites with functionality that can't already be emulated with XMLHttpRequest: it allows them to distinguish trusted (sub)domains from completely untrusted domains. The stated goal was to balance easy protection against