Re: XHR header blacklist rationale

On Tue, 13 May 2008 10:40:16 +0200, Julian Reschke <julian.reschke@gmx.de>  
wrote:
> Anne van Kesteren wrote:
>> I see. (Your original message seemed to imply the list was not  
>> correct.) To be honest, and as I've stated in my reply to Julian, I'm  
>> not sure what the rationale is for some of them. Hopefully implementors  
>> can chime in on this thread and provide feedback for why each of the  
>> headers listed in setRequestHeader() is blocked.
>
> Right. On the other hand, if nobody can explain why a particular header  
> is on that list, it should be removed.

All the headers on that list are better controlled by the user agent. I  
made the specification more clear on that.

I also made it clear that the user agent is not to set any headers other  
than those on that list and those permitted to be set if the author has  
not set them (as explained under the send() algorithm).


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Tuesday, 27 May 2008 12:12:09 UTC