[whatwg] ContextAgnosticXmlHttpRequest: an informal RFC

Jim Ley jim.ley at gmail.com
Thu Mar 10 09:10:31 PST 2005

On Thu, 10 Mar 2005 10:18:16 -0600, Doron Rosenberg <doronr at gmail.com> wrote:
> Well, the code in Mozilla is well tested and already used in the wild.

Could you point me at the tests?
<URL: http://lxr.mozilla.org/seamonkey/source/extensions/webservices/docs/Soap_Scripts_in_Mozilla.html
> says they're at:
<URL: http://lxr.mozilla.org/seamonkey/source/extensions/xmlextras/tests/  >

called soap* - but there's none of that name there?  I can't get it to
work anyway,

  var soapCall = new SOAPCall();
  soapCall.transportURI = "http://jibbering.com/";
  soapCall.encode(0, "chicken", "urn:Jibberjim", 0, null, 0,[]);
  soapCall.verifySourceHeader = true; 
    function (response, soapcall, error) {

makes no request for the webserver xml doc, but does post to the
server...  Obviously I'm doing something wrong, the example and test
files will turn it up I'm sure.

> The benefit of the extra request is that we don't fetch any data
> unless we are allowed to.  In your model, we would fetch the XML, and
> then check if there is a header that allows us to pass it to the user.

If that's the only complaint, then an extra HEAD request on the same
resource would be even more efficient (no data transferred), and no
less secure.  A get on an unrelated document should not be necessary.

> And I think easy delpoyment is important.  Cross domain is only really
> important for intranets.

If this is the case, why not go down the IE cross domain intranet
deployment model, which is very well understood and very well used by
millions of people rather than a new method, that's only relevant to
SOAP (in this case) ?  Or indeed even the current mozilla security
model which is also used?


More information about the whatwg mailing list