| 09:52 | <FND> | hi - could someone provide an authoritative assessment of the state of fetch here: https://github.com/neo4j/neo4j/issues/5628#issuecomment-148325581 |
| 09:52 | <FND> | I reckon the CORS restrictions can be considered stable? |
| 09:59 | <MikeSmith> | FND: CORS restrictions can definitely be considered stable |
| 09:59 | <FND> | MikeSmith: would you mind commenting as much on the ticket - or should I just quote you? |
| 10:00 | <MikeSmith> | FND: I will reply there right now |
| 10:00 | <FND> | thank you! |
| 10:07 | <annevk> | FND: note that just supplying the Origin is not sufficient |
| 10:07 | <annevk> | FND: you also need to have Access-Control-Allow-Credentials |
| 10:08 | <annevk> | FND: however, do you really need to allow for credentials in your request? |
| 10:09 | <FND> | annevk: yeah, I'm aware of that - in this case, I'm writing an SPA on top of Neo4j's REST API, both of which are only accessible behind Basic Auth |
| 10:09 | <annevk> | FND: note that if you pass credentials yourself, you might not necessarily need credentials: include |
| 10:10 | <FND> | annevk: I don't quite follow |
| 10:10 | <annevk> | FND: the credentials parameter is really only for browser-supplied credentials, such as previously set cookies or stored authentication data |
| 10:10 | <annevk> | FND: I need to explain that better in the specification at some point, but it's somewhat complicated :/ |
| 10:10 | <MikeSmith> | I commented at https://github.com/neo4j/neo4j/issues/5628#issuecomment-148341540 |
| 10:11 | <FND> | ah, right, of course - thus the Basic Auth mention above |
| 10:11 | <FND> | thanks MikeSmith! |
| 10:11 | <MikeSmith> | annevk maybe should comment there as well I suppose |
| 10:11 | <annevk> | FND: yeah, if you don't set the Authorization header yourself, I guess you'll need to have credentials included |
| 10:11 | <MikeSmith> | FND: thanks for the heads-up |
| 10:16 | <FND> | thanks guys, this was a delightfully straightforward interaction |
| 11:11 | <FND> | annevk: thanks for the clarification on that ticket - so am I to assume that ikwattro's assertion regarding non-fetch CORS requests doesn't apply for withCredentials? |
| 11:11 | <annevk> | FND: I'm not sure what you mean by that |
| 11:11 | <annevk> | FND: fetch() and XMLHttpRequest basically do the same thing, fetch() just has a couple more settings |
| 11:12 | <FND> | so ikwattro said "I can make CORS requests (without fetch) to a local neo4j instance from a web application without problems" |
| 11:12 | <FND> | but he's probably only tested it without credentials then? |
| 11:12 | <annevk> | FND: I suppose that he hasn't set withCredentials to true there, yes |
| 11:12 | <FND> | roger, thank you |
| 11:50 | <mkwst> | annevk: Is the first item of a request's `url list` something I could safely reference to grab the URL that a page thinks that it's requesting? |
| 11:51 | <annevk> | mkwst: you could just use request's url |
| 11:52 | <mkwst> | Oh. I though the url was changed during redirects. |
| 11:53 | <mkwst> | Yeah, I guess I misread. That's simpler. Thanks! :) |
| 11:54 | <annevk> | That changed a while back to make Request / request more similar |
| 11:54 | <mkwst> | Makes sense. :) |
| 13:22 | <annevk> | gsnedders: what's the deal with https://groups.google.com/forum/#!forum/html5lib-discuss? |
| 13:22 | <annevk> | gsnedders: abandoned? |
| 13:24 | <Ms2ger> | Sounds likely |
| 13:35 | <nox> | I have a PR on Servo that updates various WPT tests to use latest interfaces defined in the URL spec btw. |
| 13:49 | <gsnedders> | annevk: it, uh, theoretically still exists. |
| 13:50 | <gsnedders> | annevk: de-facto StackOverflow has kinda taken over |
| 14:02 | <Ms2ger> | <html requestVisibility=1> |
| 14:03 | <Ms2ger> | I hope someone is reviewing this... |
| 14:03 | <jgraham> | ? |
| 14:04 | <annevk> | Ms2ger: what is that? |
| 14:05 | <Ms2ger> | https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/qRGtrVZ1X98 |
| 14:06 | <annevk> | Ms2ger: ah, the one email I didn't read |
| 14:07 | <Ms2ger> | Heh |
| 14:08 | <annevk> | Ms2ger: that proposal didn't really seem thought out |
| 14:08 | <Ms2ger> | I stopped reading at the first code snippet |
| 16:25 | <MikeSmith> | Domenic: I like https://usercontent.irccloud-cdn.com/file/cO7Wucwf/authoring.png and think it's worth pursuing |
| 21:25 | <TabAtkins> | Anyone know the reasoning behind moving WebAppsWG to WPWG? |
| 21:27 | <gsnedders> | TabAtkins: merging in the HTML WG, given it was |
| 21:28 | <TabAtkins> | ...and why does that require closing WebApps? |
| 21:28 | <gsnedders> | TabAtkins: the charter expired |
| 21:28 | <gsnedders> | TabAtkins: and rechartering is essentially creating a new WG |
| 21:28 | <TabAtkins> | ...and why does that require closing WebApps (rather than just reupping the charter)? |
| 21:28 | <TabAtkins> | "essentially", but requires everyone to move over and re-join. |
| 21:29 | <gsnedders> | MikeSmith said something about rechartering (as opposed to extensions) requiring everyone to rejoin anyway. |
| 21:30 | <jgraham> | Ours is not to reason why, ours is but to get on with useful work in whatever forum and let the lawyers keep themselves country clubs arguing over the rest. |
| 21:30 | jgraham | is not exactly Tennyson |
| 23:29 | <MikeSmith> | The move to the new WG was not just a W3C team preference; it was discussed and planned with quite a lot of input/requirements from various parties. In particular, a number of different people from all the browser-engine projects had a voice in helping to determine what the plans would be. |
| 23:30 | <MikeSmith> | TabAtkins: You can ask internally on the Chrome team for more insight on why/how the particular makeup on the new group was arrived at |
| 23:31 | <MikeSmith> | in the end, as usual, not everybody who took the time to help get the details worked out was completely happy with the result |
| 23:32 | <MikeSmith> | but I think plh did a pretty great job of synthesizing all the input/requirements he was given to work with, and coming up with some balance |
| 23:33 | <MikeSmith> | anyway, the WebApps WG was around in the form it had for 8 years or whatever, and in mostly the same form for a couple years before that, as the Web APIs WG |
| 23:35 | <MikeSmith> | so it was bordering on 10 years of life, and was sorta due anyway for having some assumptions re-examined, and refinements made |
| 23:38 | <MikeSmith> | and simply doing another charter extension of the WebApps WG as not an option, and we needed to fully recharter it anyway; and re-chartering a group in practice basically amounts to creating a new group (since among other things, as gsnedders mentioned, it requires all the participants to do the steps of (re)joining after its launched) |
| 23:39 | <MikeSmith> | anyway, fwiw, I think plh got it all right and the group is going to turn out to be at least as useful a place to get work done as the WebApps WG was |
| 23:43 | <TabAtkins> | MikeSmith: All right. I just stumbled across the announcement, and there was no mention whatsoever of the reasoning. |
