W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call]

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 19 Apr 2010 21:20:34 +0200
Message-ID: <4BCCAD02.1030109@gmx.de>
To: Tyler Close <tyler.close@gmail.com>
CC: Maciej Stachowiak <mjs@apple.com>, Jonas Sicking <jonas@sicking.cc>, Ben Laurie <benl@google.com>, Arthur Barstow <Art.Barstow@nokia.com>, ext Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>
On 19.04.2010 20:30, Tyler Close wrote:
> ...
>> Again: did you check all the headers in the permanent registry? If you did,
>> why are the ones (which are just examples) missing? And what's the reason to
>> default to strip general headers and response headers?
> Again, the model is to define a minimal whitelist and enable servers
> to explicitly extend the minimal whitelist. The default members of the
> whitelist only exist as a convenience, so that servers don't have to
> explicitly list them on every response.
> Also, asking a static specification to keep up with a mutable registry
> is not feasible.
> ...

Yes. That's exactly the reason why a whitelist is wrong choice.

Best regards, Julian
Received on Monday, 19 April 2010 19:21:33 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:24 UTC