W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2008

Re: [access-control] Update

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 10 Jul 2008 00:43:05 +0200
To: "Maciej Stachowiak" <mjs@apple.com>
Cc: "Sunava Dutta" <sunavad@windows.microsoft.com>, "Jonas Sicking" <jonas@sicking.cc>, "WebApps WG" <public-webapps@w3.org>
Message-ID: <op.ud1qp3p064w2qv@annevk-t60.oslo.opera.com> 

On Thu, 10 Jul 2008 00:32:18 +0200, Maciej Stachowiak <mjs@apple.com>  
wrote:
> I would be in favor of Access-Control or Access-Control-Allow, I think  
> Access-Control-Origin and Origin are confusing in combination. It seems  
> unclear from the names which is a request header and which is a response  
> header.

We could restrict Access-Control-* to the server.

I actually thought of using Preflight-For-Method and Preflight-For-Headers  
instead of Access-Control-Request-Method and  
Access-Control-Request-Headers. Changing this would also allow using  
Access-Control-Methods and Access-Control-Headers on the server, making it  
all slightly more in line with each other.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Wednesday, 9 July 2008 22:43:40 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:27 GMT