W3C home > Mailing lists > Public > public-webapi@w3.org > February 2007

Re: XMLHttpRequest for Last Call

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 13 Feb 2007 17:02:28 +0100
To: "Julian Reschke" <julian.reschke@gmx.de>
Cc: "Web API WG (public)" <public-webapi@w3.org>
Message-ID: <op.tno2ue0364w2qv@id-c0020>

On Tue, 13 Feb 2007 16:59:12 +0100, Julian Reschke <julian.reschke@gmx.de>  
wrote:
> I think the spec needs to be carefully checked for usage of  
> RFC2119/BCP14 terminology. For instance  
> (<http://dev.w3.org/cvsweb/~checkout~/2006/webapi/XMLHttpRequest/Overview.html?content-type=text/html;%20charset=utf-8#dfn-setrequestheader>):
>
> "For security reasons nothing SHOULD be done if the header argument  
> matches one of the following headers case-insensitively:"
>
> I think I understand what the intent is, but maybe it should be  
> rephrased to:
>
> "For security reasons, a server SHOULD ignore any attempt to modify any  
> of the headers below (header names being matched case-insensitively):"

I don't understand this suggestion. Are you sure you understand what the  
section is about?


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Tuesday, 13 February 2007 16:02:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:57 GMT