W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: [XHR] Authorization header

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 01 Apr 2009 12:11:35 +0200
To: "Alexey Proskuryakov" <ap@webkit.org>
Cc: public-webapps <public-webapps@w3.org>
Message-ID: <op.urpc9lbw64w2qv@annevk-t60.oslo.opera.com>
On Wed, 01 Apr 2009 12:05:08 +0200, Alexey Proskuryakov <ap@webkit.org>  
wrote:
> As there seems to be no danger in allowing this header for same origin  
> requests, I'd suggest removing it from the list of forbidden headers. As  
> mentioned in this thread, there are valid reasons to control it  
> explicitly.

Actually, I suppose we can also allow it for cross-origin requests now the  
server has to explicitly opt-in for each and every header.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Wednesday, 1 April 2009 10:12:19 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT