W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2008

Re: [access-control] Update

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 10 Jul 2008 07:29:42 +0200
To: "Jonas Sicking" <jonas@sicking.cc>
Cc: "Maciej Stachowiak" <mjs@apple.com>, "Sunava Dutta" <sunavad@windows.microsoft.com>, "WebApps WG" <public-webapps@w3.org>
Message-ID: <op.ud19jsw764w2qv@annevk-t60.oslo.opera.com> 

On Thu, 10 Jul 2008 01:03:19 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> Anne van Kesteren wrote:
>>  On Thu, 10 Jul 2008 00:32:18 +0200, Maciej Stachowiak <mjs@apple.com>  
>> wrote:
>>> I would be in favor of Access-Control or Access-Control-Allow, I think  
>>> Access-Control-Origin and Origin are confusing in combination. It  
>>> seems unclear from the names which is a request header and which is a  
>>> response header.
>>  We could restrict Access-Control-* to the server.
>
> What would that win us?
>
> Naming all headers related to the spec Access-Control-* (as the spec  
> does now) seems to add clarity IMHO.

It would make it clear to server authors which headers they are in control  
over without having to look at the header descriptions.

I don't feel strongly about this though, adding Allow everywhere works for  
me too.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Thursday, 10 July 2008 05:30:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:00 GMT