Re: [xhr] cross site proposal headers

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 26 Jul 2007 13:36:09 +0200
To: "Jonas Sicking" <jonas@sicking.cc>, "Web APIs WG" <public-webapi@w3.org>
Message-ID: <op.tv2k6jf464w2qv@annevk-t60.oslo.opera.com>

On Thu, 26 Jul 2007 13:34:39 +0200, Anne van Kesteren <annevk@opera.com> wrote:
>> Why prevent a user from setting the "Content-Access-Control" header?  
>> That is generally a response header and I'd expect servers to ignore it.
> If requests with arbitrary headers set can harm a server they are  
> already vulnerable. Is it really wise to restrict this?

Actually, this is untrue for intranets and such. Hmm.

Anne van Kesteren
Received on Thursday, 26 July 2007 11:36:24 UTC