W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call]

From: Tyler Close <tyler.close@gmail.com>
Date: Wed, 14 Apr 2010 11:20:27 -0700
Message-ID: <j2w5691356f1004141120k83829c85j7975d229ab645d6@mail.gmail.com>
To: Arthur Barstow <Art.Barstow@nokia.com>
Cc: ext Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>
On Wed, Apr 14, 2010 at 9:41 AM, Tyler Close <tyler.close@gmail.com> wrote:
> I have been studying CORS ISSUE-90
> <http://www.w3.org/2008/webapps/track/issues/90>, so as to bring UMP
> into line with this part of CORS. I can't find any pattern or
> rationale to the selection of headers on the whitelist versus those
> not on the whitelist. Does anyone know where this list came from and
> how it was produced?
>
> If I produce a more comprehensive whitelist for UMP will CORS follow my lead?

The following whitelist includes all end-to-end response headers
defined by HTTP, unless there is a specific security risk:

# Age
# Allow
# Cache-Control
# Content-Disposition
# Content-Encoding
# Content-Language
# Content-Length
# Content-Location
# Content-MD5
# Content-Range
# Content-Type
# Date
# ETag
# Expires
# Last-Modified
# Location
# MIME-Version
# Pragma
# Retry-After
# Server
# Vary
# Warning

Does anyone object to making this the new whitelist for both CORS and UMP?

--Tyler
Received on Wednesday, 14 April 2010 18:20:59 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:38 GMT