W3C home > Mailing lists > Public > public-webapi@w3.org > July 2007

Re: [xhr] proxy-connection header

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 23 Jul 2007 09:45:48 +0200
Message-ID: <46A45CAC.6020408@gmx.de>
To: Jonas Sicking <jonas@sicking.cc>
CC: Web APIs WG <public-webapi@w3.org>

Jonas Sicking wrote:
> ...
> Yes, if it's a security problem not to. IMHO that should be the 
> determining factor.
> 
> Actually, I'm wondering if we should disallow any header starting with 
> "Proxy-". For example Proxy-Authorization header looks scary to me.
> ...

Well, this is yet another case where the theory of spec writing and 
practice aren't aligned :-)

I'd prefer the spec not to state normative requirements with respect to 
headers that don't even have a spec. So optimally, write down what you 
think the header does, and get it registered in the provisional IANA 
registry.

Best regards, Julian
Received on Monday, 23 July 2007 07:47:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:58 GMT