- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 15 May 2008 09:19:01 +0000 (UTC)
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, Anne van Kesteren <annevk@opera.com>, public-webapi@w3.org
On Thu, 15 May 2008, Julian Reschke wrote: > Ian Hickson wrote: > > ... > > Incidentally, I think I would recommend removing the blacklist from AC, > > since AC has a whitelist. Having both seems pointless. > > ... > > You mean disallowing all headers except a known list??? Nope. > > Again, that would mean profiling HTTP, and make it impossible to deploy new > stuff. It's what XHR2+AC already requires, I'm just suggesting simplifying the prose of AC to remove the redundant blacklist (since it doesn't have any testable block-box effect). -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 15 May 2008 09:19:45 UTC