On Fri, 22 Feb 2008 06:47:24 +0100, Jonas Sicking <jonas@sicking.cc> wrote: > So this means that we're saying that if the server sends a response like > > Access-Control: allow <*> > > to an OPTIONS request, the server should be prepared to handle requests > that contain *any* user set header? I know we've talked about having > another header in the reply to the OPTIONS request that specified which > headers would be allowed. This would make me feel safer to be honest. I don't think we should go there. That would complicate things a lot and given that the headers will not be part of the OPTIONS request I don't really see the problem. Also note that we had something like that before for HTTP methods and removed it. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>Received on Monday, 25 February 2008 20:45:06 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 25 February 2008 20:45:09 GMT