Julian Reschke wrote: > > Jonas Sicking wrote: >> >> The XHR spec currently allows users to set the "Proxy-Connection" >> header using setRequestHeader method. I couldn't find a spec for it >> other than some discussions here: >> ... > > As far as I can tell, the spec doesn't even mention the header. > > Are you saying the spec should disallow setting a header that isn't even > registered (<http://www.iana.org/assignments/message-headers/>)? Yes, if it's a security problem not to. IMHO that should be the determining factor. Actually, I'm wondering if we should disallow any header starting with "Proxy-". For example Proxy-Authorization header looks scary to me. / JonasReceived on Monday, 23 July 2007 07:35:34 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:58 GMT