Bug 14773 - Investigate if synchronous XHR in window context should not support new XHR responseTypes
Investigate if synchronous XHR in window context should not support new XHR r...
Status: RESOLVED FIXED
Product: WebAppsWG
Classification: Unclassified
Component: XHR
unspecified
PC All
: P2 normal
: ---
Assigned To: Anne
public-webapps-bugzilla
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-11-11 19:03 UTC by Olli Pettay
Modified: 2012-10-11 11:15 UTC (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Olli Pettay 2011-11-11 19:03:19 UTC
See also
https://bugzilla.mozilla.org/show_bug.cgi?id=701787
https://bugs.webkit.org/show_bug.cgi?id=72154
and WebApps mailing list
Comment 1 Anne 2011-11-25 08:48:21 UTC
So should this also happen for all cross-origin requests that do not use withCredentials as sicking seemed to suggest on the mailing list? Is that what is being implemented?
Comment 2 Jonas Sicking 2011-11-27 01:44:07 UTC
I'm not sure I understand the question. Here is what I proposed a few days ago and what I still think should be specified:

http://lists.w3.org/Archives/Public/public-webapps/2011OctDec/0924.html
Comment 3 Anne 2011-11-27 01:47:49 UTC
That is already defined. The question is whether invoking open() with a cross-origin URL should throw if async is false.
Comment 4 Olli Pettay 2011-11-27 02:00:38 UTC
cross-origin XHR has been supported for ages.
I don't think we can break it easily.
Comment 5 Jonas Sicking 2011-11-27 06:00:19 UTC
Oh, crap, I worded that wrong. Yes, I think we should make it throw. We should be able to get data on if that is web compatible.
Comment 6 Olli Pettay 2011-11-27 19:38:19 UTC
(In reply to comment #5)
> Oh, crap, I worded that wrong. Yes, I think we should make it throw. We should
> be able to get data on if that is web compatible.

Throw always when cross-origin sync XHR is used?
I would be surprised if that doesn't break some websites.
Comment 7 Jonas Sicking 2011-11-28 06:33:55 UTC
Use of CORS is still fairly new. And use of synchronous CORS requests doesn't work at all cross browser since IE doesn't have a sync mode for XDR. So I think there's a good chance that it would work.
Comment 8 Anne 2012-10-11 10:03:18 UTC
Jonas, Olli, what is your current opinion on this? I can make the specification say this, but if it's not going to be implemented, there's not much point :-)
Comment 9 Olli Pettay 2012-10-11 10:09:41 UTC
https://bugzilla.mozilla.org/show_bug.cgi?id=701787
is fixed.
Comment 10 Olli Pettay 2012-10-11 10:10:22 UTC
And looks like https://bugs.webkit.org/show_bug.cgi?id=72154 also.
Comment 11 Olli Pettay 2012-10-11 10:11:47 UTC
Or do you mean only the CORS part?
That is not what this bug is about.
I assume it might be too late to change CORS handling.
Comment 12 Anne 2012-10-11 11:15:31 UTC
Thank you Olli!

Since the anonymous flag is new I made open() throw for that. The only scenario where you can still do sync requests is same-origin requests and cross-origin requests where you have not set timeout/withCredentials/...

Apart from the new thing about the anonymous flag I think the specification matches Gecko now.

https://github.com/whatwg/xhr/commit/ac6d9b636bd6d86a9752006e8c34160a215e6fe1
http://xhr.spec.whatwg.org/