
Re: Access Control for Cross-site Requests WD Published

From: Kris Zyp <kzyp@sitepen.com>
Date: Mon, 25 Feb 2008 16:37:11 -0700
Message-ID: <065101c87807$58ee5e20$4200a8c0@kris>
To: "Anne van Kesteren" <annevk@opera.com>
Cc: "WAF WG \(public\)" <public-appformats@w3.org>

>
> There's a new proposal for this:
>
>   http://lists.w3.org/Archives/Public/public-appformats/2008Feb/0219.html
>
> I think it addresses your concerns.

This looks good. It does seem to imply that other request headers may be considered for inclusion in the whitelist. Therefore, I would like to suggest the following additional headers be permitted in the standard whitelist of request headers:

Expect - A basic HTTP header that can be useful for checking a request before sending a full request
From - This can be voluntarily provided by user agents to identify who the user is
Range - To request a partial subset of a resource (with Atom Publishing Protocol this is becoming increasingly useful)
XSite-* - I believe we should have a subdomain of allowed custom headers, that both server and client will be mutually aware will not be filtered in cross site requests.

I don't believe any of these headers represents a security threat.


> No such optimization has been discussed and I'm not sure we should add 
> it. If this indeed becomes a common pattern we can always optimize later. 
> (Premature optimization and all...)

That sounds reasonable.

BTW, I am very excited about this specification; this is really going to open up some exciting possibilities. Good work,

Thanks,
Kris
Received on Monday, 25 February 2008 23:37:58 GMT
