
Re: Sec-* headers

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 21 Feb 2011 15:06:57 -0800
Message-ID: <AANLkTim=g-08-+dmc0N5eQ9RBsdEWfc=sVNVgEF5Vu53@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, ietf-http-wg@w3.org

I'm not sure I quite follow.  The only thing special about Sec-
headers is that they can't be set using the XMLHttpRequest API.  That
seems like a reasonable thing for the XMLHttpRequest API to define
irrespective of other uses of HTTP.

Adam


On Mon, Feb 21, 2011 at 2:18 PM, Mark Nottingham <mnot@mnot.net> wrote:
> Thanks, Bjoern. I think the underlying issue is whether a W3C draft should unilaterally make such a declaration; it's kind of a one-time thing. I.e., if another use case comes along and declares *their* special prefix, it'll be impractical.
>
> I'll put on my liaison hat and bring it up with the W3C.
>
> Cheers,
>
>
> On 22/02/2011, at 8:14 AM, Bjoern Hoehrmann wrote:
>
>> Hi,
>>
>>  Over in the hybi Working Group the issue of "Sec-*" headers came up.
>> The XMLHttpRequest draft says "Header names starting with Sec- are not
>> allowed to be set to allow new headers to be minted that are guaranteed
>> not to come from XMLHttpRequest." It seems to me that if "Sec-*" headers
>> are somehow special, that is something the core specifications need to
>> mention, like in the header registration specification, but I could not
>> find anything there from a quick look.
>>
>> regards,
>> --
>> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
>> Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
>> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
>>
>
> --
> Mark Nottingham   http://www.mnot.net/
Received on Monday, 21 February 2011 23:08:04 GMT
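
The rule quoted in the thread, modelled as an added JavaScript example (not code from the XMLHttpRequest draft, any browser, or the participants). `ScriptRequest`, `buildWireHeaders` and the `Sec-Example-Context` header are hypothetical names, and signalling a refused header by returning `false` is an assumption.

```javascript
// Added illustration of the "Sec-" rule discussed in this thread.
// Header names are case-insensitive, so the prefix test runs on the
// lowercased name. The prefix includes the hyphen: "Security-Token" passes.
function isScriptSettable(name) {
  return !String(name).toLowerCase().startsWith("sec-");
}

// Hypothetical stand-in for the script-facing request object.
class ScriptRequest {
  constructor() {
    this.headers = new Map();
  }
  // Returns true if the header was stored, false if it was refused.
  // How a real API reports the refusal is an assumption here.
  setRequestHeader(name, value) {
    if (!isScriptSettable(name)) return false;
    this.headers.set(name.toLowerCase(), String(value));
    return true;
  }
}

// What goes on the wire: headers set by script, plus headers minted by the
// user agent itself. Only the user agent can contribute "Sec-" names.
function buildWireHeaders(scriptRequest, uaHeaders) {
  const wire = new Map(scriptRequest.headers);
  for (const [k, v] of Object.entries(uaHeaders)) wire.set(k.toLowerCase(), v);
  return wire;
}

// Constructed sample: page script tries several names, then the user agent
// adds its own (made-up) Sec- header before sending.
function demo() {
  const req = new ScriptRequest();
  const attempts = ["X-Requested-With", "Sec-Example-Context",
                    "SEC-example-context", "Security-Token", "sec-"];
  const results = {};
  for (const n of attempts) results[n] = req.setRequestHeader(n, "from-script");
  const wire = buildWireHeaders(req, { "Sec-Example-Context": "minted-by-ua" });
  return { results, secValue: wire.get("sec-example-context"), size: wire.size };
}

console.log(demo());
```

The guarantee covers only script running in a conforming browser; any other HTTP client can send a `Sec-` header, so a server should read one as "not set through XMLHttpRequest" and not as proof of who sent the request.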
