Re: XHR header blacklist rationale

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 27 May 2008 14:32:01 +0200
Message-ID: <483BFF41.4070208@gmx.de>
To: Anne van Kesteren <annevk@opera.com>
CC: Sunava Dutta <sunavad@windows.microsoft.com>, "public-webapi@w3.org" <public-webapi@w3.org>, Gideon Cohn <gidco@windows.microsoft.com>, Ahmed Kamel <Ahmed.Kamel@microsoft.com>, Zhenbin Xu <zhenbinx@windows.microsoft.com>, Doug Stamper <dstamper@exchange.microsoft.com>

Anne van Kesteren wrote:
> On Tue, 13 May 2008 10:40:16 +0200, Julian Reschke 
> <julian.reschke@gmx.de> wrote:
>> Anne van Kesteren wrote:
>>> I see. (Your original message seemed to imply the list was not 
>>> correct.) To be honest, and as I've stated in my reply to Julian, I'm 
>>> not sure what the rationale is for some of them. Hopefully 
>>> implementors can chime in on this thread and provide feedback for why 
>>> each of the headers listed in setRequestHeader() is blocked.
>> Right. On the other hand, if nobody can explain why a particular 
>> header is on that list, it should be removed.
> All the headers on that list are better controlled by the user agent. I 
> made the specification more clear on that.
> I also made it clear that the user agent is not to set any headers other 
> than those on that list and those permitted to be set if the author has 
> not set them (as explained under the send() algorithm).

So, why are the headers below on the list?

     * Accept-Charset
     * Accept-Encoding
     * Expect
     * Referer
     * User-Agent

BR, Julian
Received on Tuesday, 27 May 2008 12:32:43 UTC
