Request for FPWD publication of Server-Sent Events, Web Sockets API, Web Storage, and Web Workers

2009-04-01 Thread Ian Hickson
The following drafts are relatively stable and would benefit greatly from wider review: Server-Sent Events http://dev.w3.org/html5/eventsource/ The Web Sockets API http://dev.w3.org/html5/websockets/ Web Storage http://dev.w3.org/html5/webstorage/ Web Workers http://de

[DOM3Events] Regards for teleconference of 4/1/2009

2009-04-01 Thread Travis Leithead
Carmelo and I waited for awhile, but ultimately send our regards. Hopefully we'll be able to meet up with the rest of the group next week. PS. Doug, please update the editor's draft!

[widgets] Agenda for 2 April 2009 Voice Conference; NOTE TIME CHANGE FOR NON-US!

2009-04-01 Thread Arthur Barstow
Below is the draft agenda for the April 2 Widgets Voice Conference (VC). Inputs and discussion before the meeting on all of the agenda topics via public-webapps is encouraged (as it can result in a shortened meeting). Logistics: *** NOTE TIME CHANGE FOR non-US PARTICIPANTS *** Time: 22:

[widgets] Widget spec plan presented to BONDI Steering Group

2009-04-01 Thread Arthur Barstow
All - on March 30 I attended the BONDI Steering Group's f2f meeting in Cambridge, MA US. In the interest of aligning our Widgets specs with BONDI, I said the following regarding my expectations for Widgets spec publication for the next three months. I made it clear that I spoke solely as a

Re: [XHR] Authorization header

2009-04-01 Thread Anne van Kesteren
On Wed, 01 Apr 2009 12:05:08 +0200, Alexey Proskuryakov wrote: As there seems to be no danger in allowing this header for same origin requests, I'd suggest removing it from the list of forbidden headers. As mentioned in this thread, there are valid reasons to control it explicitly. Actua

Re: [XHR] Authorization header

2009-04-01 Thread Alexey Proskuryakov
On 01.04.2009, at 13:49, Anne van Kesteren wrote: Consistency with cross-origin requests where they need to be blocked to prevent distributed dictionary attacks. I actually thought Opera already blocked this header and the next Firefox release will do so as well. According to

Re: [XHR] Authorization header

2009-04-01 Thread Anne van Kesteren
On Wed, 01 Apr 2009 09:32:34 +0200, Alexey Proskuryakov wrote: Per the current XHR spec draft, the Authorization header cannot be set from JavaScript for security reasons. As far as I know, no shipping browser blocks it - and when we started blocking it in WebKit, it caused a compatibility

Re: [XHR] Authorization header

2009-04-01 Thread Thomas Broyer
On Wed, Apr 1, 2009 at 9:32 AM, Alexey Proskuryakov wrote: > Per the current XHR spec draft, the Authorization header cannot be set from > JavaScript for security reasons. > > As far as I know, no shipping browser blocks it - and when we started > blocking it in WebKit, it caused a compatibility pr

[XHR] Authorization header

2009-04-01 Thread Alexey Proskuryakov
Per the current XHR spec draft, the Authorization header cannot be set from JavaScript for security reasons. As far as I know, no shipping browser blocks it - and when we started blocking it in WebKit, it caused a compatibility problem, . Wha