- From: Anne van Kesteren <annevk@opera.com>
- Date: Wed, 01 Apr 2009 12:11:35 +0200
- To: "Alexey Proskuryakov" <ap@webkit.org>
- Cc: public-webapps <public-webapps@w3.org>
On Wed, 01 Apr 2009 12:05:08 +0200, Alexey Proskuryakov <ap@webkit.org> wrote: > As there seems to be no danger in allowing this header for same origin > requests, I'd suggest removing it from the list of forbidden headers. As > mentioned in this thread, there are valid reasons to control it > explicitly. Actually, I suppose we can also allow it for cross-origin requests now the server has to explicitly opt-in for each and every header. -- Anne van Kesteren http://annevankesteren.nl/
Received on Wednesday, 1 April 2009 10:12:19 UTC