Hi All, A couple of questions regarding the cross-site XHR proposal: http://lists.w3.org/Archives/Public/public-webapi/2006Jun/0012 As detailed in http://wiki.mozilla.org/Cross_Site_XMLHttpRequest cross-site requests should alway have the headers set through setRequestHeader removed. This includes requests done after a redirect to a different server. Why prevent a user from setting the "Content-Access-Control" header? That is generally a response header and I'd expect servers to ignore it. What is the purpose of the Referer-Root header? Why can't sites rely on the Referer header? / JonasReceived on Monday, 23 July 2007 08:36:31 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:58 GMT