W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

Re: [XHR2] Feedback on sec-* headers

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 22 Feb 2011 14:19:58 +0100
Message-ID: <4D63B7FE.9070104@gmx.de>
To: Anne van Kesteren <annevk@opera.com>
CC: Adam Barth <w3c@adambarth.com>, Mark Nottingham <mnot@mnot.net>, public-webapps@w3.org
On 22.02.2011 12:52, Anne van Kesteren wrote:
> On Tue, 22 Feb 2011 03:28:00 +0100, Mark Nottingham <mnot@mnot.net> wrote:
>> The problems I brought up still stand, however. I think we need to
>> have a discussion about how much convenience the implementers really
>> need here, and also to look at the impact on the registration
>> procedure for HTTP headers.
> This is not about convenience for implementors. This is about allowing
> specifications to introduce headers that cannot be spoofed via
> XMLHttpRequest.

It would be good if this could be rephrased as a general design 
question, and specified in a way that it also applies in other contexts 
(such as browser plugins doing HTTP, applets, Flash, Silverlight, whatnot).

BR, Julian
Received on Tuesday, 22 February 2011 13:27:16 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:30 UTC