On Wed, 01 Apr 2009 12:05:08 +0200, Alexey Proskuryakov <ap@webkit.org> wrote: > As there seems to be no danger in allowing this header for same origin > requests, I'd suggest removing it from the list of forbidden headers. As > mentioned in this thread, there are valid reasons to control it > explicitly. Actually, I suppose we can also allow it for cross-origin requests now the server has to explicitly opt-in for each and every header. -- Anne van Kesteren http://annevankesteren.nl/Received on Wednesday, 1 April 2009 10:12:19 GMT
This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT