W3C home > Mailing lists > Public > public-webapi@w3.org > April 2006

Re: XHR: restrictions on request headers

From: Ian Hickson <ian@hixie.ch>
Date: Wed, 12 Apr 2006 00:01:24 +0000 (UTC)
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Maciej Stachowiak <mjs@apple.com>, Web APIs WG <public-webapi@w3.org>
Message-ID: <Pine.LNX.4.62.0604112357540.21459@dhalsim.dreamhost.com>

On Wed, 12 Apr 2006, Julian Reschke wrote:
>
> Ian Hickson wrote:
> > ...
> > But I would add one more. Authors are stupid. We shouldn't provide them with
> > features whose only possible use is for them to shoot themselves in the
> > foot. In other words, I would phrase the question not as "which headers
> > should we restrict", but "which headers should we allow", and only allow
> > those that have valid use cases.
> > ...
> 
> How do you do that, when the set of headers with potential use cases is
> open-ended?

You allow any headers that we didn't consider.


> For instance, would "Destination", "Apply-To-Redirect-Ref" or "If" 
> qualify?

Sure, supporting WebDAV seems like a valid use case.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 12 April 2006 00:01:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:54 GMT