[whatwg] HTTP Forms extension specification

Cameron Jones cmhjones at gmail.com
Fri Feb 22 06:29:00 PST 2013

On Fri, Feb 22, 2013 at 10:05 AM, Anne van Kesteren <annevk at annevk.nl>wrote:

> On Thu, Feb 21, 2013 at 7:42 PM, Cameron Jones <cmhjones at gmail.com> wrote:
> > I've just committed an initial draft of HTTP extensions for Forms:
> >
> > http://cameronjones.github.com/form-http-extensions/index.html
> >
> > The document can be considered within the public domain for integration.
> I'd recommend making CC0 the license then, rather than CCA.

Done, and spelling fixed.

> Motivation would also useful. It's not entirely clear to me why this
> complexity is warranted.

The motivations are the same which support declarative over imperative
programming, access to the HTTP protocol methods and headers (ETags,
versioning), greater flexibility over payload binding and the ability to
avoid using cookies for session continuation. The access to HTTP Auth
provides greater security over non-HTTPS than is currently possible while
retaining the ability to style forms for login\logout which users have come
to expect. This is all in the absence of requiring JavaScript to be on.

For a (slightly inflamed from a rant-able persona, so please read with
potential sensitivities off) further examination of the use cases and
rationale, the specification is the reification of the proposal i wrote
last year:


> And the complexity seems lacking, e.g. you're
> not putting the necessary restrictions on header names and values as
> far as I can tell.
The HTTP headers are restricted using a copy-paste of those in XHR which is
included in the form submission process. Happy to hear any suggestions to
improve the structure or general authoring.

Cameron Jones

More information about the whatwg mailing list