W3C home > Mailing lists > Public > public-webapi@w3.org > May 2008

Re: XHR header blacklist rationale

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 27 May 2008 14:11:33 +0200
To: "Julian Reschke" <julian.reschke@gmx.de>
Cc: "Sunava Dutta" <sunavad@windows.microsoft.com>, "public-webapi@w3.org" <public-webapi@w3.org>, "Gideon Cohn" <gidco@windows.microsoft.com>, "Ahmed Kamel" <Ahmed.Kamel@microsoft.com>, "Zhenbin Xu" <zhenbinx@windows.microsoft.com>, "Doug Stamper" <dstamper@exchange.microsoft.com>
Message-ID: <op.ubtatjju64w2qv@annevk-t60.oslo.opera.com>

On Tue, 13 May 2008 10:40:16 +0200, Julian Reschke <julian.reschke@gmx.de>  
wrote:
> Anne van Kesteren wrote:
>> I see. (Your original message seemed to imply the list was not  
>> correct.) To be honest, and as I've stated in my reply to Julian, I'm  
>> not sure what the rationale is for some of them. Hopefully implementors  
>> can chime in on this thread and provide feedback for why each of the  
>> headers listed in setRequestHeader() is blocked.
>
> Right. On the other hand, if nobody can explain why a particular header  
> is on that list, it should be removed.

All the headers on that list are better controlled by the user agent. I  
made the specification more clear on that.

I also made it clear that the user agent is not to set any headers other  
than those on that list and those permitted to be set if the author has  
not set them (as explained under the send() algorithm).


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Tuesday, 27 May 2008 12:12:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 May 2008 12:12:09 GMT