W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call]

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 19 Apr 2010 08:16:02 +0200
Message-ID: <4BCBF522.9010409@gmx.de>
To: Tyler Close <tyler.close@gmail.com>
CC: Jonas Sicking <jonas@sicking.cc>, Anne van Kesteren <annevk@opera.com>, Arthur Barstow <Art.Barstow@nokia.com>, public-webapps <public-webapps@w3.org>
On 18.04.2010 22:29, Tyler Close wrote:
> If Mozilla agrees to implement it, I'd like UMP to specify a new
> header named "U" whose value is either "*" or a list of allowed
> response headers. A response with this header is opting out of Same
> Origin Policy protection for both the response entity and the listed
> response headers. The response is not required to also include the
> Access-Control-Allow-Origin header, but can for compatibility with
> current implementations.
>
> This solution would get two birds with one stone, allowing use to
> deprecate the verbose and misleading header name that mnot also
> complained about.

Beware. There is both too much verbosity and too little. You might want 
to run that header name through the Designated Experts for header names 
before deployment.

Best regards, Julian
Received on Monday, 19 April 2010 06:16:48 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:38 GMT