- From: Cameron Jones <cmhjones@gmail.com>
- Date: Fri, 22 Feb 2013 15:05:44 +0000
- To: "public-html@w3.org LIST" <public-html@w3.org>
- Message-ID: <CALGrgetzvdyWcfvMeOpyHdqkLftsuOpZxQ3c19L0Ush+NLUFWw@mail.gmail.com>
Hi all, I've just committed a initial draft of the specification of HTTP extensions for HTML forms: http://cameronjones.github.com/form-http-extensions/index.html This specification is the reification of the proposal which i worked on last year in answer to ISSUE-195. The proposal has an examination of the use cases and rationale for the extensions as well as an itemization of the change set within bullet point form: http://www.w3.org/wiki/User:Cjones/ISSUE-195 Summary ======= The extension enhances the ability for static, declarative definition of HTTP requests from user input through the HTML form input controls. The author is provided with essentially no-restriction to the ability to define HTTP method, headers and body, in addition to some specific interfacing with HTTP Authentication allowing for a real alternative to using cookies for session continuation and providing a meaningful improvement for non-HTTPS authentication and session control. The specification is pure HTML and affords all these abilities in absence of requiring any JavaScript support. Is there support or objection within the group for introducing these extensions? Due to nature of these extensions as a revision over the Form Submission Algorithm, and due to the intersection with core WWW architecture, i think this should be targeted at the HTML5.0 specification. Also, note that due to the restriction of HTTP methods to origin-only (or with CORS), and the restriction of headers from the XHR standard, this specification does not to introduce any security vulnerabilities. Thanks, Cameron Jones
Received on Friday, 22 February 2013 15:06:15 UTC