
Re: Accountability in AC4CSR

From: John Panzer <jpanzer@acm.org>
Date: Thu, 14 Feb 2008 10:17:41 -0800
Message-ID: <47B485C5.9030308@acm.org>
To: Anne van Kesteren <annevk@opera.com>
CC: Ian Hickson <ian@hixie.ch>, "WAF WG (public)" <public-appformats@w3.org>

Anne van Kesteren wrote:
> On Thu, 14 Feb 2008 06:59:29 +0100, John Panzer <jpanzer@acm.org> wrote:
>> Anne van Kesteren wrote:
>>> This is currently not the case for XMLHttpRequest level 2. Based on 
>>> feedback from Mozilla only Accept and Accept-Language can be set for 
>>> cross-site requests.
>>
>> (Aside: Surely Content-Type is allowed as well?)
>
> Currently, no.
In that case, AtomPub among other things is right out, as it needs a 
Content-Type of application/atom;type=entry on POST and PUT.
...
>
> I agree that it provides a lot of limitations. I believe the primary 
> concern is to not provide new attack vectors. GET requests you can 
> currently issue don't allow setting of custom headers, for instance. 
> However, this concern does not apply to POST/PUT, etc. as there you 
> make an initial request to see if the server is ok with it.
>
> Jonas?
I think it's too restrictive (at least for POST/PUT, where you often 
need to send additional metadata in headers).
Received on Thursday, 14 February 2008 18:14:15 GMT
