W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2011

Re: Sec-* headers

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 22 Feb 2011 09:18:18 +1100
Cc: ietf-http-wg@w3.org
Message-Id: <4A94F6B5-313C-40FD-883F-056744CE3C29@mnot.net>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
Thanks, Bjoern. I think the underlying issue is whether a W3C draft should unilaterally make such a declaration; it's kind of a one-time thing. I.e., if another use case comes along and declares *their* special prefix, it'll be impractical.

I'll put on my liaison hat and bring it up with the W3C.


On 22/02/2011, at 8:14 AM, Bjoern Hoehrmann wrote:

> Hi,
>  Over in the hybi Working Group the issue of "Sec-*" headers came up.
> The XMLHttpRequest draft says "Header names starting with Sec- are not
> allowed to be set to allow new headers to be minted that are guaranteed
> not to come from XMLHttpRequest." It seems to me that if "Sec-*" headers
> are somehow special, that is something the core specifications needs to
> mention, like in the header registration specification, but I could not
> find anything there from a quick look.
> regards,
> -- 
> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
> Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

Mark Nottingham   http://www.mnot.net/
Received on Monday, 21 February 2011 22:18:50 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:56 UTC