W3C home > Mailing lists > Public > public-webapi@w3.org > February 2007

Re: XMLHttpRequest for Last Call

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 13 Feb 2007 17:11:03 +0100
Message-ID: <45D1E317.1030602@gmx.de>
To: Anne van Kesteren <annevk@opera.com>
CC: "Web API WG (public)" <public-webapi@w3.org>

Anne van Kesteren schrieb:
> On Tue, 13 Feb 2007 16:59:12 +0100, Julian Reschke 
> <julian.reschke@gmx.de> wrote:
>> I think the spec needs to be carefully checked for usage of 
>> RFC2119/BCP14 terminology. For instance 
>> (<http://dev.w3.org/cvsweb/~checkout~/2006/webapi/XMLHttpRequest/Overview.html?content-type=text/html;%20charset=utf-8#dfn-setrequestheader>): 
>>
>>
>> "For security reasons nothing SHOULD be done if the header argument 
>> matches one of the following headers case-insensitively:"
>>
>> I think I understand what the intent is, but maybe it should be 
>> rephrased to:
>>
>> "For security reasons, a server SHOULD ignore any attempt to modify 
>> any of the headers below (header names being matched 
>> case-insensitively):"
> 
> I don't understand this suggestion. Are you sure you understand what the 
> section is about?

Yes. The problem is the spec saying "...nothing SHOULD be done...". I 
think it's better to be explicit what the implementation should do (in 
this case, ignore the method call).

Best regards, Julian
Received on Tuesday, 13 February 2007 16:11:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:57 GMT