Re: [w3ctag/design-reviews] Migrating some high-entropy HTTP request headers to Client Hints. (#320)

> Reportedly the client hints community also wants to be able to control these headers at times so Sec- wouldn't work for them.

I'll defer to folks who know what they're talking about, then. Some sort of prefix might make sense. And perhaps for these items in particular, we could decide that we don't want folks to be able to control them from JavaScript. Allowing folks to control the user agent, for instance, seems weird (though I guess we allow it today?).

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/320#issuecomment-435877146

Received on Monday, 5 November 2018 13:41:59 UTC