W3C home > Mailing lists > Public > public-webapi@w3.org > April 2006

Re: XHR: restrictions on request headers

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 11 Apr 2006 23:57:34 +0000 (UTC)
To: Jonas Sicking <jonas@sicking.cc>
Cc: Maciej Stachowiak <mjs@apple.com>, Web APIs WG <public-webapi@w3.org>
Message-ID: <Pine.LNX.4.62.0604112356140.21459@dhalsim.dreamhost.com>

On Tue, 11 Apr 2006, Jonas Sicking wrote:
>
> Ian Hickson wrote:
> > But I would add one more. Authors are stupid. We shouldn't provide them with
> > features whose only possible use is for them to shoot themselves in the
> > foot. In other words, I would phrase the question not as "which headers
> > should we restrict", but "which headers should we allow", and only allow
> > those that have valid use cases.
> 
> This sounds like what I suggested. But are there really any headers 
> "whose only possible use is for them to shoot themselvs in the foot"?

Accept-Charset was the one that has been mentioned several times -- 
certainly unrestricting it (making it accept things that the UA won't know 
how to handle) doesn't seem very useful, since the UA will be unable to 
provide either a responseXML or responseText in that case.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 11 April 2006 23:57:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:54 GMT