On Mon, 07 Apr 2008 21:18:03 +0200, Elias Sinderson <elias@soe.ucsc.edu> wrote: > Anne van Kesteren wrote: >> I have updated the editor's draft of the Access Control for Cross-site >> Requests specification to include support for HTTP headers [...] >> Nothing else has changed because no other changes have been proposed. > > Thanks for the update, much appreciated. > I see no mention of If-* headers and cannot recall there being reason > provided to omit them (on-list, at least). Certainly being able to make > conditional requests that would otherwise be allowed as non-conditional > should be allowed? They are allowed. Though even for GET requests they would require a preflight request first. Currently the only headers that are allowed without preflight (only GET requests can go without a preflight) are Accept and Accept-Language, based on earlier feedback from Ian Hickson. However, maybe we should simply remove those and always require a preflight request for a request with "custom" headers. Not sure. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>Received on Monday, 7 April 2008 19:28:45 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 April 2008 19:28:45 GMT