W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: ISSUE-90: Exposing more (~infinite) response headers [CORS]

From: Nathan <nathan@webr3.org>
Date: Tue, 15 Jun 2010 13:36:35 +0100
Message-ID: <4C1773D3.8090105@webr3.org>
To: Anne van Kesteren <annevk@opera.com>
CC: public-webapps@w3.org
Anne van Kesteren wrote:
> On Tue, 16 Jun 2009 16:18:25 +0200, Web Applications Working Group Issue 
> Tracker <sysbot+tracker@w3.org> wrote:
>> In
>>
>>   http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0967.html
>>
>> Mark Nottingham comments on the asymmetry of exposing the body of the 
>> response but only a tiny subset of the headers. He argues for
>>
>>  * Expanding this whitelist and
>>  * Giving responses of resources a way to indicate which headers are 
>> ok to expose
>>
>> or
>>
>>  * Turning it into a blacklist
>>
>> He indicated he was not satisfied deferring this issue to CORS2 and 
>> considers it a showstopper for CORS1.
> 
> To resolve ISSUE-90 I added a new header Access-Control-Expose-Headers 
> that controls which additional headers are exposed to the API.
> 
> http://dev.w3.org/2006/waf/access-control/#http-access-control-expose-headers 

fantastic :)!
Received on Tuesday, 15 June 2010 12:37:35 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:39 GMT