W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: call for reviewers: XMLHttpRequest Last Call

From: <sird@rckc.at>
Date: Tue, 8 Dec 2009 18:46:43 +0800
Message-ID: <8ba534860912080246t4e399b0dj488e4df509a1af33@mail.gmail.com>
To: Anne van Kesteren <annevk@opera.com>
Cc: Adam Barth <w3c@adambarth.com>, Thomas Roessler <tlr@w3.org>, public-web-security@w3.org
Oh, I would swear it was different before. =S.. my fail (maybe cache?)

So, I'm really sorry, it do states Set-Cookie/2 should be ignored.

@Anne, what about the - alias for _ on Apache on request headers?

-- Eduardo
http://www.sirdarckcat.net/

Sent from Hangzhou, 33, China

On Tue, Dec 8, 2009 at 6:37 PM, Anne van Kesteren <annevk@opera.com> wrote:

> On Sun, 06 Dec 2009 17:38:05 +0100, Adam Barth <w3c@adambarth.com> wrote:
>
>> On Sun, Dec 6, 2009 at 8:19 AM, sird@rckc.at <sird@rckc.at> wrote:
>>
>>> 3.- Do you really want to return to the user ALL http headers with
>>> getAllResponseHeaders? think on Set-Cookie + httpOnly
>>>
>>
>> I believe most (all?) implementations block returning Set-Cookie
>> headers with HttpOnly cookies.  If the spec doesn't say this, it's out
>> of step with common practice.
>>
>
> RTFS? ;-)
>
>
> --
> Anne van Kesteren
> http://annevankesteren.nl/
>
Received on Tuesday, 8 December 2009 10:47:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT