- From: Jonas Sicking <jonas@sicking.cc>
- Date: Mon, 23 Jul 2007 01:46:07 -0700
- To: Web APIs WG <public-webapi@w3.org>
Jonas Sicking wrote: > > Hi All, > > A couple of questions regarding the cross-site XHR proposal: > http://lists.w3.org/Archives/Public/public-webapi/2006Jun/0012 > > As detailed in http://wiki.mozilla.org/Cross_Site_XMLHttpRequest > cross-site requests should alway have the headers set through > setRequestHeader removed. This includes requests done after a redirect > to a different server. Oh, I was going to add to this. I plan on allowing "Accept" and "Accept-Language" to be set even for cross-site requests. Are there other headers that people think would be useful and safe to allow? / Jonas
Received on Monday, 23 July 2007 08:46:41 UTC