W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2008

Re: ISSUE-24 (Allow List Scope): Which headers should be allowed in the Allow List? [Access Control]

From: Jonas Sicking <jonas@sicking.cc>
Date: Tue, 01 Jul 2008 14:59:21 -0700
Message-ID: <486AA8B9.80409@sicking.cc>
To: Web Applications Working Group WG <public-webapps@w3.org>

Web Applications Working Group Issue Tracker wrote:
> ISSUE-24 (Allow List Scope): Which headers should be allowed in the Allow List? [Access Control]
> 
> http://www.w3.org/2008/webapps/track/issues/
> 
> Raised by: Doug Schepers
> On product: Access Control
> 
> What is the full range of headers that should be allowed in AC?  What is the process to add them?

To be specific, this is about which headers are in the white-list of 
headers that do not need preflight checking for GET requests. Currently 
the list is only:

Accept
Accept-Language

but we might want to add more. However note that any other header can be 
sent, but requires explicit opt-in from the server.

/ Jonas
Received on Tuesday, 1 July 2008 22:00:52 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:27 GMT