28577 2015-04-28 04:55:54 +0000 [XMLHttpRequest] Throwing SecurityError on open() call for some kind of simple errors 2015-06-11 14:58:27 +0000 1 1 1 Unclassified WebAppsWG XHR unspecified PC Linux RESOLVED WORKSFORME P2 normal --- 1 tyoshino annevk mike public-webapps tyoshino public-webapps-bugzilla oldest_to_newest 119970 0 tyoshino 2015-04-28 04:55:54 +0000 Seems the WebAppSec WG attempted to make xhr.open() throw NetworkError for some errors that could be detected synchronously such as mixed content. What's the status of that? 119971 1 tyoshino 2015-04-28 05:11:13 +0000 Sorry. I meant SecurityError. It has been removed on this change. https://github.com/w3c/webappsec/commit/aac819b28287e8fd3a9ebad2666336e2bc77a24b So, the consensus is: - to handle it as network error - in async mode, not throwing but dispatching an error event async Right? 119972 2 tyoshino 2015-04-28 05:14:45 +0000 OK. Anne objected to the plan at https://lists.w3.org/Archives/Public/public-webappsec/2014Oct/thread.html#msg198 119973 3 tyoshino 2015-04-28 05:19:22 +0000 Maybe the same argument applies to the proposal of making send() throw. Just wanna confirm what Anne think of that. 119991 4 annevk 2015-04-29 15:08:19 +0000 Yes, send() should only throw for synchronous XMLHttpRequest. Not otherwise. Now that Mixed Content is defined in terms of fetching this should all fall out naturally, no? To recap, the status is that WebAppSec dropped their attempt and instead integrate with Fetch. 120084 5 annevk 2015-05-05 17:09:08 +0000 Takeshi, can this be closed? 120904 6 tyoshino 2015-06-11 14:03:17 +0000 OK. Please close. I'll reopen when necessary. Thanks!