W3C home > Mailing lists > Public > public-webapi@w3.org > February 2007

Re: XMLHttpRequest for Last Call

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 13 Feb 2007 17:02:28 +0100
To: "Julian Reschke" <julian.reschke@gmx.de>
Cc: "Web API WG (public)" <public-webapi@w3.org>
Message-ID: <op.tno2ue0364w2qv@id-c0020>

On Tue, 13 Feb 2007 16:59:12 +0100, Julian Reschke <julian.reschke@gmx.de>  
> I think the spec needs to be carefully checked for usage of  
> RFC2119/BCP14 terminology. For instance  
> (<http://dev.w3.org/cvsweb/~checkout~/2006/webapi/XMLHttpRequest/Overview.html?content-type=text/html;%20charset=utf-8#dfn-setrequestheader>):
> "For security reasons nothing SHOULD be done if the header argument  
> matches one of the following headers case-insensitively:"
> I think I understand what the intent is, but maybe it should be  
> rephrased to:
> "For security reasons, a server SHOULD ignore any attempt to modify any  
> of the headers below (header names being matched case-insensitively):"

I don't understand this suggestion. Are you sure you understand what the  
section is about?

Anne van Kesteren
Received on Tuesday, 13 February 2007 16:02:33 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:16:23 UTC