- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 15 Jul 2008 11:15:32 +0200
- To: "Ian Hickson" <ian@hixie.ch>
- Cc: "WebApps WG" <public-webapps@w3.org>
On Tue, 15 Jul 2008 10:20:09 +0200, Ian Hickson <ian@hixie.ch> wrote: > On Tue, 15 Jul 2008, Anne van Kesteren wrote: >> CROSS-SITE POST >> >> We limit the amount of Content-Type header values people can set for the >> simple cross-site POST request to those you can use with HTML forms >> today. This list will not become a fixed list until we work out how >> Access Control for Cross-Site Requests will work together with HTML5 >> forms. > > This will lead to people lying about Content-Types, which is one of the > big problems with XDR. I don't think this is a good thing. (In > particular, it prevents us from sending XML over XHR, which is dumb > given the name of > the object if nothing else! Sending JSON and XML are the two biggest use > cases of this API.) The idea is not to prevent it, but to require a preflight request for the non-HTML forms Content-Types. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Tuesday, 15 July 2008 09:16:03 UTC