- From: Nathan <nathan@webr3.org>
- Date: Tue, 15 Jun 2010 13:36:35 +0100
- To: Anne van Kesteren <annevk@opera.com>
- CC: public-webapps@w3.org
Anne van Kesteren wrote: > On Tue, 16 Jun 2009 16:18:25 +0200, Web Applications Working Group Issue > Tracker <sysbot+tracker@w3.org> wrote: >> In >> >> http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0967.html >> >> Mark Nottingham comments on the asymmetry of exposing the body of the >> response but only a tiny subset of the headers. He argues for >> >> * Expanding this whitelist and >> * Giving responses of resources a way to indicate which headers are >> ok to expose >> >> or >> >> * Turning it into a blacklist >> >> He indicated he was not satisfied deferring this issue to CORS2 and >> considers it a showstopper for CORS1. > > To resolve ISSUE-90 I added a new header Access-Control-Expose-Headers > that controls which additional headers are exposed to the API. > > http://dev.w3.org/2006/waf/access-control/#http-access-control-expose-headers fantastic :)!
Received on Tuesday, 15 June 2010 12:37:35 UTC