25915 2014-05-29 09:53:39 +0000 Cross-origin requests 2014-06-18 21:07:58 +0000 1 1 1 Unclassified WebAppsWG File API unspecified PC All RESOLVED FIXED P2 normal --- 1 annevk arun public-webapps public-webapps-bugzilla oldest_to_newest 106979 0 annevk 2014-05-29 09:53:39 +0000 I'm not sure why http://dev.w3.org/2006/webapi/FileAPI/#cross-origin-requests-on-blobs is included in this specification. That should follow from URL / Fetch, no? Duplicate requirements are bad. 107060 1 arun 2014-05-30 21:31:27 +0000 (In reply to Anne from comment #0) > I'm not sure why > http://dev.w3.org/2006/webapi/FileAPI/#cross-origin-requests-on-blobs is > included in this specification. That should follow from URL / Fetch, no? > > Duplicate requirements are bad. You're right. I've fixed this now so that Fetch is normative. 107073 2 annevk 2014-05-31 07:12:48 +0000 Now you use must in a non-normative section. 107155 3 arun 2014-06-02 20:07:28 +0000 Fixed! http://dev.w3.org/2006/webapi/FileAPI/#NetworkError 107324 4 annevk 2014-06-05 08:22:24 +0000 This still seems wrong. :-( I think basically you do not want to say anything about cross-origin URLs and let that part of the security model be handled by Fetch. 107362 5 arun 2014-06-05 14:57:58 +0000 (In reply to Anne from comment #4) > This still seems wrong. :-( > > I think basically you do not want to say anything about cross-origin URLs > and let that part of the security model be handled by Fetch. But File API defines the origin and origin policy of Blob URLs, and what requests are legal. It would be weird to be silent on the matter of cross-origin requests. I suppose I could just invoke the Fetch specification. Also, what "seems wrong?" We already defer to Fetch and URL for most of the dereferencing. This just says that cross-origin requests return with a network error. 107363 6 annevk 2014-06-05 14:58:48 +0000 I don't see how that makes sense. If Fetch defines that, why would we define it again here? 107364 7 arun 2014-06-05 15:00:04 +0000 (In reply to Anne from comment #6) > I don't see how that makes sense. > > If Fetch defines that, why would we define it again here? Well, I'm talking about: http://dev.w3.org/2006/webapi/FileAPI/#requestResponseModel Should ALL of it be subsumed by Fetch? 107366 8 annevk 2014-06-05 15:02:49 +0000 Yeah I think so. Unless you think Fetch should defer to the File API for the extracting bits from a blob bit, but I'm not sure why we would intertwine them like that. 108021 9 arun 2014-06-18 21:07:58 +0000 (In reply to Anne from comment #8) > Yeah I think so. Unless you think Fetch should defer to the File API for the > extracting bits from a blob bit, but I'm not sure why we would intertwine > them like that. Any FileAPI guidance on request/response when fetching Blob URLs is now non-normative, and I consider it provisional (e.g. can delete finally) when Fetch fully owns Blob URLs as per bug 24338, which is assigned to annevk. http://dev.w3.org/2006/webapi/FileAPI/#requestResponseModel