W3C home > Mailing lists > Public > public-webapi@w3.org > July 2007

Re: [xhr] cross site proposal headers

From: Jonas Sicking <jonas@sicking.cc>
Date: Mon, 23 Jul 2007 01:46:07 -0700
Message-ID: <46A46ACF.9020401@sicking.cc>
To: Web APIs WG <public-webapi@w3.org>

Jonas Sicking wrote:
> 
> Hi All,
> 
> A couple of questions regarding the cross-site XHR proposal:
> http://lists.w3.org/Archives/Public/public-webapi/2006Jun/0012
> 
> As detailed in http://wiki.mozilla.org/Cross_Site_XMLHttpRequest 
> cross-site requests should alway have the headers set through 
> setRequestHeader removed. This includes requests done after a redirect 
> to a different server.

Oh, I was going to add to this. I plan on allowing "Accept" and 
"Accept-Language" to be set even for cross-site requests. Are there 
other headers that people think would be useful and safe to allow?

/ Jonas
Received on Monday, 23 July 2007 08:46:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:58 GMT