W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2008

Re: [access-control] Update

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 10 Jul 2008 07:29:42 +0200
To: "Jonas Sicking" <jonas@sicking.cc>
Cc: "Maciej Stachowiak" <mjs@apple.com>, "Sunava Dutta" <sunavad@windows.microsoft.com>, "WebApps WG" <public-webapps@w3.org>
Message-ID: <op.ud19jsw764w2qv@annevk-t60.oslo.opera.com>

On Thu, 10 Jul 2008 01:03:19 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> Anne van Kesteren wrote:
>>  On Thu, 10 Jul 2008 00:32:18 +0200, Maciej Stachowiak <mjs@apple.com>  
>> wrote:
>>> I would be in favor of Access-Control or Access-Control-Allow, I think  
>>> Access-Control-Origin and Origin are confusing in combination. It  
>>> seems unclear from the names which is a request header and which is a  
>>> response header.
>>  We could restrict Access-Control-* to the server.
> What would that win us?
> Naming all headers related to the spec Access-Control-* (as the spec  
> does now) seems to add clarity IMHO.

It would make it clear to server authors which headers they are in control  
over without having to look at the header descriptions.

I don't feel strongly about this though, adding Allow everywhere works for  
me too.

Anne van Kesteren
Received on Thursday, 10 July 2008 05:30:14 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:11 UTC