
Re: Headers / caches proposal (revised)

From: Maciej Stachowiak <mjs@apple.com>
Date: Tue, 2 May 2006 01:33:11 -0700
Message-Id: <3EC172D5-9E00-4FCC-A3DA-F36ED1C6B7C8@apple.com>
Cc: "Web APIs WG (public)" <public-webapi@w3.org>
To: Mark Nottingham <mnot@yahoo-inc.com>

On May 1, 2006, at 5:45 PM, Mark Nottingham wrote:

> 3) UAs must not allow the following headers to be set by authors:
>   Accept-Charset, Accept-Encoding, Content-Length, Date, Host,
>   Keep-Alive, Referer, TE, Trailer, Transfer-Encoding
> [example]

I made a proposal about disallowed headers a while back.


In my proposal, I suggested disallowing the following, with
justifications given: Connection, Date, Keep-Alive, Trailer,
Transfer-Encoding, Upgrade, Expect, Host, Referer, TE

I also suggested the following are suspicious and maybe should be  
banned, but did not include a justification:

Via, Accept-Encoding, From, Max-Forwards, Proxy-Authorization

Combining these lists, your list does not include Connection,  
Upgrade, Expect, Via, From, Max-Forwards or Proxy-Authorization. Are  
you convinced all those are safe? Do you think my specific  
justifications for Connection, Upgrade and Expect were wrong?

Your list also includes Accept-Charset; I think that one could
reasonably either be forbidden or allowed.

I also think the spec should justify why headers are disallowed
rather than just stating it; it seems oddly out of context to just
give an arbitrary list.

Received on Tuesday, 2 May 2006 08:33:22 UTC
