On Dec 16, 2009, at 21:47, Klotz, Leigh wrote:
I'd like to suggest that the main issue is dependency of the XHR document on
concepts where HTML5 is the only specification that defines several core
concepts of the Web platform architecture, such as event loops, event handler
attributes,
Somehow I suspect all this has been said many times before...
On Wed, Dec 16, 2009 at 11:45 PM, Maciej Stachowiak m...@apple.com wrote:
CORS would provide at least two benefits, using the exact protocol you'd
use with UM:
1) It lets you know what site is sending the request; with UM there is
On Dec 17, 2009, at 1:42 AM, Kenton Varda wrote:
Somehow I suspect all this has been said many times before...
On Wed, Dec 16, 2009 at 11:45 PM, Maciej Stachowiak m...@apple.com
wrote:
CORS would provide at least two benefits, using the exact protocol
you'd use with UM:
1) It lets you
Hi Widget addicts,
While reading again through the spec, I'm wondering why there are differences
between the PC spec and the XML spec in terms of white space handling.
PC defines:
* space characters as: U+0020, U+0009, U+000A, U+000B, U+000C, U+000D
* Unicode white space characters as:
Sorry, I missed the followup on Larry's email
http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/0131.html
- can someone tell me where this is tracked?
Specifically I want to check that the 'authority' component is
adequately futureproofed. Devoid of semantics could mean devoid in
this
The draft minutes from the MMM DD Widgets voice conference are
available at the following and copied below:
http://www.w3.org/2009/12/17-wam-minutes.html
WG Members - if you have any comments, corrections, etc., please send
them to the public-webapps mail list before 7 January 2010 (the
On Wed, 16 Dec 2009, Devdatta wrote:
hmm.. just a XDR GET on the file at hixie.ch which allows access only if
the request is from damowmow.com ?
It couldn't be XDR -- XDR is a script-based mechanism, whereas XBL can be
invoked before the root element is parsed. But even assuming the XDR
If XHR is wholly dependent on HTML5 then it should either be moved into the
HTML5 recommendation-track document, or renamed XHR for HTML5. Ian has made
a point that modularizing HTML5 itself is a large task; it's not clear that the
same applies to this XHR document, at least to the same
On Thu, Dec 17, 2009 at 2:21 AM, Maciej Stachowiak m...@apple.com wrote:
On Dec 17, 2009, at 1:42 AM, Kenton Varda wrote:
Somehow I suspect all this has been said many times before...
On Wed, Dec 16, 2009 at 11:45 PM, Maciej Stachowiak m...@apple.com wrote:
CORS would provide at least two
Test cases e5, e6, z1 and z2 test the ability of a UA to use a
widget-specified charset (ISO 8859-1); however the PC specification states
that a UA only has to implement UTF-8, and support for additional
encodings is optional.
Do these test cases then really only require that a UA
On Thu, Dec 17, 2009 at 9:10 AM, Klotz, Leigh leigh.kl...@xerox.com wrote:
If XHR is wholly dependent on HTML5 then it should either be moved into the
HTML5 recommendation-track document, or renamed XHR for HTML5. Ian has
made a point that modularizing HTML5 itself is a large task; it's not
Jonas,
Thank you for your response; comments below:
-Original Message-
From: Jonas Sicking [mailto:jo...@sicking.cc]
Sent: Thursday, December 17, 2009 9:22 AM
To: Klotz, Leigh
Cc: Henri Sivonen; Anne van Kesteren; WebApps WG; Forms WG
Subject: Re: XMLHttpRequest
On Thu, Dec 17, 2009 at 6:21 PM, Scott Wilson
scott.bradley.wil...@gmail.com wrote:
Test cases e5, e6, z1 and z2 test the ability of a UA to use a
widget-specified charset (ISO 8859-1); however the PC specification states
that a UA only has to implement UTF-8, and support for additional
On Thu, 17 Dec 2009, Kenton Varda wrote:
OK, I'm sure that this has been said before, because it is critical to
the capability argument:
If Bob can access the data, and Bob can talk to Charlie *in any way at
all*, then it *is not possible* to prevent Bob from granting access to
Jonas,
I apologize if you and other group members consider this to be a pedantic
exercise, but it's a necessary part of making the specification reusable.
-Original Message-
From: Jonas Sicking [mailto:jo...@sicking.cc]
Sent: Thursday, December 17, 2009 9:45 AM
To: Klotz,
On Thu, Dec 17, 2009 at 10:08 AM, Maciej Stachowiak m...@apple.com wrote:
My goal was merely to argue that adding an origin/cookie check to a
secret-token-based mechanism adds meaningful defense in depth, compared to
just using any of the proposed protocols over UM. I believe my argument
From: Anne van Kesteren annevk at opera.com
Subject: Re: [XHR] LC comments from the XForms Working Group
Date: 2009-10-08 15:31:27 GMT
On Tue, 17 Jun 2008 05:24:48 +0200, Boris Zbarsky bzbarsky at mit.edu
wrote:
Anne van Kesteren wrote:
It would change the conformance
Joseph Pecoraro wrote:
I have changed to using the new method "immediate" and that also removed this call.
Immediate looks useful. The specification for immediate is:
[[
When this method is called, the user agent creates a new cache transaction, and performs the steps to
On Thu, Dec 17, 2009 at 10:54 AM, Jonas Sicking jo...@sicking.cc wrote:
From: Anne van Kesteren annevk at opera.com
Subject: Re: [XHR] LC comments from the XForms Working Group
Date: 2009-10-08 15:31:27 GMT
On Tue, 17 Jun 2008 05:24:48 +0200, Boris Zbarsky bzbarsky at mit.edu
wrote:
-Original Message-
From: Jonas Sicking [mailto:jo...@sicking.cc]
Sent: Thursday, December 17, 2009 10:54 AM
To: Klotz, Leigh
Cc: Henri Sivonen; Anne van Kesteren; WebApps WG; Forms WG
Subject: Re: XMLHttpRequest Comments from W3C Forms WG
...snip
And then go on to cite
Jonas,
I'm not sure how the dependency is specified in the XHR draft. Can you point
me to it? The word event loop doesn't appear.
I know how XForms defines synchronous vs. asynchronous submissions using XML
Events (which are an XML syntax for accessing DOM Events), and XHR is directly
On Thu, Dec 17, 2009 at 11:18 AM, Klotz, Leigh leigh.kl...@xerox.com wrote:
Jonas,
I'm not sure how the dependency is specified in the XHR draft. Can you point
me to it? The word event loop doesn't appear.
The term queue a task is defined in HTML5, and uses the event loop.
/ Jonas
On Thu, Dec 17, 2009 at 10:08 AM, Maciej Stachowiak m...@apple.com wrote:
On Dec 17, 2009, at 9:15 AM, Kenton Varda wrote:
On Thu, Dec 17, 2009 at 2:21 AM, Maciej Stachowiak m...@apple.com wrote:
I'm not saying that Alice should be restricted in who she shares the feed
with. Just that
On Thu, 17 Dec 2009, Kenton Varda wrote:
It seems more useful to attribute resource usage to the user rather than
to the sites the user uses to access those resources. In my example, I
might want to limit Alice to, say, 1GB data transfer per month, but I
don't see why I would care if that
Despite the costs of doing preflight opt-in on a per-resource basis rather
than a per-origin basis, to meet its security goals, CORS proposes to do
preflight on a per-resource basis. I have seen the rationale for this stated
in bits and pieces. Can anyone point me at a reasonably self contained
I've finally narrowed it down to just one test case to pass PC
conformance!
Unfortunately it involves implementing SNIFF...
Does anyone know of an implementation already existing in Java?
S
/-/-/-/-/-/
Scott Wilson
Apache Wookie: http://incubator.apache.org/projects/wookie.html
-Original Message-
From: Jonas Sicking [mailto:jo...@sicking.cc]
Sent: Thursday, December 17, 2009 11:33 AM
To: Klotz, Leigh
Cc: Henri Sivonen; Anne van Kesteren; WebApps WG; Forms WG
Subject: Re: XMLHttpRequest Comments from W3C Forms WG
On Thu, Dec
On Thu, Dec 17, 2009 at 9:38 AM, Ian Hickson i...@hixie.ch wrote:
One of the big reasons to restrict which origin can
use a particular resource is bandwidth management. For example,
resources.example.com might want to allow *.example.com to use its XBL
files, but not allow anyone else to
Boris,
Thank you for the clarification. Surely then this ought to be fixed with an
IETF or W3C document describing this fact, and not by requiring all future
specifications which use URLs to reference the HTML5 document.
Is it defined in http://www.w3.org/html/wg/href/draft ?
If so, perhaps
On 12/17/09 2:22 PM, Klotz, Leigh wrote:
Thank you for the clarification. Surely then this ought to be fixed with an
IETF or W3C document describing this fact
After some pushback, there is in fact such a document being worked on.
It's not quite far enough to reference normatively last I
Great! It sounds like more progress is being made on both putting experience
from implementations back into specifications, and in modularizing the XHR
document references, since it will give a better place than HTML5 for
reference.
Leigh.
-Original Message-
From: Boris Zbarsky
As Ian already has mentioned. No one is disputing that most of these
things should be factored out of the HTML5 spec. But so far no one has
stepped up to that task. Until someone does we'll have to live with
the reality that these things are defined in the HTML5 spec and the
HTML5 spec alone.
/
OK, so is the conclusion that XHR is implementable only in HTML5 and should be
re-titled XMLHttpRequest in HTML5 or something similar?
-Original Message-
From: Jonas Sicking [mailto:jo...@sicking.cc]
Sent: Thursday, December 17, 2009 3:14 PM
To: Klotz, Leigh
Cc: Boris Zbarsky; WebApps
On Thu, 17 Dec 2009, Tyler Close wrote:
On Thu, Dec 17, 2009 at 9:38 AM, Ian Hickson i...@hixie.ch wrote:
One of the big reasons to restrict which origin can use a particular
resource is bandwidth management. For example, resources.example.com
might want to allow *.example.com to use its
On Thu, Dec 17, 2009 at 3:46 PM, Ian Hickson i...@hixie.ch wrote:
On Thu, 17 Dec 2009, Tyler Close wrote:
On Thu, Dec 17, 2009 at 9:38 AM, Ian Hickson i...@hixie.ch wrote:
One of the big reasons to restrict which origin can use a particular
resource is bandwidth management. For example,
On Thu, 17 Dec 2009, Tyler Close wrote:
On Thu, Dec 17, 2009 at 3:46 PM, Ian Hickson i...@hixie.ch wrote:
On Thu, 17 Dec 2009, Tyler Close wrote:
On Thu, Dec 17, 2009 at 9:38 AM, Ian Hickson i...@hixie.ch wrote:
One of the big reasons to restrict which origin can use a
particular
On Thu, Dec 17, 2009 at 12:58 PM, Ian Hickson i...@hixie.ch wrote:
With CORS, I can trivially (one line in the .htaccess file for my site)
make sure that no sites can use XBL files from my site other than my
sites. My sites don't do any per-user tracking; doing that would involve
orders of
On Thu, Dec 17, 2009 at 4:41 PM, Ian Hickson i...@hixie.ch wrote:
What one liner are you proposing that would solve the problem for XBL,
XML data, videos, etc, all at once?
Are we debating about the state of existing infrastructure, or theoretically
ideal infrastructure? Honest question.
On Thu, Dec 17, 2009 at 4:41 PM, Ian Hickson i...@hixie.ch wrote:
On Thu, 17 Dec 2009, Tyler Close wrote:
On Thu, Dec 17, 2009 at 3:46 PM, Ian Hickson i...@hixie.ch wrote:
On Thu, 17 Dec 2009, Tyler Close wrote:
On Thu, Dec 17, 2009 at 9:38 AM, Ian Hickson i...@hixie.ch wrote:
One of the
On Thu, 17 Dec 2009, Kenton Varda wrote:
On Thu, Dec 17, 2009 at 4:41 PM, Ian Hickson i...@hixie.ch wrote:
What one liner are you proposing that would solve the problem for
XBL, XML data, videos, etc, all at once?
Are we debating about the state of existing infrastructure, or
On Thu, 17 Dec 2009, Tyler Close wrote:
Starting from the X-FRAME-OPTIONS proposal, say the response header
also applies to all embedding that the page renderer does. So it also
covers img, video, etc. In addition to the current values, the
header can also list hostname patterns that may
On Thu, 17 Dec 2009, Kenton Varda wrote:
On Thu, Dec 17, 2009 at 12:58 PM, Ian Hickson i...@hixie.ch wrote:
With CORS, I can trivially (one line in the .htaccess file for my
site) make sure that no sites can use XBL files from my site other
than my sites. My sites don't do any per-user
On Dec 17, 2009, at 2:37 PM, Boris Zbarsky wrote:
On 12/17/09 2:22 PM, Klotz, Leigh wrote:
Thank you for the clarification. Surely then this ought to be
fixed with an IETF or W3C document describing this fact
After some pushback, there is in fact such a document being worked
on. It's
On Dec 17, 2009, at 3:15 PM, Klotz, Leigh wrote:
OK, so is the conclusion that XHR is implementable only in HTML5 and
should be re-titled XMLHttpRequest in HTML5 or something similar?
I think your premise is false, and I don't think such a retitling would be
helpful. The XHR spec does not
On Thu, Dec 17, 2009 at 5:49 PM, Ian Hickson i...@hixie.ch wrote:
On Thu, 17 Dec 2009, Tyler Close wrote:
X-FRAME-OPTIONS: *.example.com
Access-Control-Allow-Origin: *
Why is this better than:
Access-Control-Allow-Origin: *.example.com
...?
I think Tyler missed on this one.
45 matches