W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: ISSUE-90: Exposing more (~infinite) response headers [CORS]

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 15 Jun 2010 10:16:59 +0200
To: public-webapps@w3.org, "Web Applications Working Group Issue Tracker" <sysbot+tracker@w3.org>
Message-ID: <op.veb1alzv64w2qv@annevk-t60>
On Tue, 16 Jun 2009 16:18:25 +0200, Web Applications Working Group Issue  
Tracker <sysbot+tracker@w3.org> wrote:
> In
>
>   http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0967.html
>
> Mark Nottingham comments on the asymmetry of exposing the body of the  
> response but only a tiny subset of the headers. He argues for
>
>  * Expanding this whitelist and
>  * Giving responses of resources a way to indicate which headers are ok  
> to expose
>
> or
>
>  * Turning it into a blacklist
>
> He indicated he was not satisfied deferring this issue to CORS2 and  
> considers it a showstopper for CORS1.

To resolve ISSUE-90 I added a new header Access-Control-Expose-Headers  
that controls which additional headers are exposed to the API.

http://dev.w3.org/2006/waf/access-control/#http-access-control-expose-headers


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Tuesday, 15 June 2010 08:17:31 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:39 GMT