W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

Re: [XHR2] Feedback on sec-* headers

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 22 Feb 2011 14:34:31 +0100
To: "Julian Reschke" <julian.reschke@gmx.de>
Cc: "Adam Barth" <w3c@adambarth.com>, "Mark Nottingham" <mnot@mnot.net>, public-webapps@w3.org
Message-ID: <op.vra3ztus64w2qv@anne-van-kesterens-macbook-pro.local>
On Tue, 22 Feb 2011 14:19:58 +0100, Julian Reschke <julian.reschke@gmx.de>  
> On 22.02.2011 12:52, Anne van Kesteren wrote:
>> This is not about convenience for implementors. This is about allowing
>> specifications to introduce headers that cannot be spoofed via
>> XMLHttpRequest.
> It would be good if this could be rephrased as a general design  
> question, and specified in a way that it also applies in other contexts  
> (such as browser plugins doing HTTP, applets, Flash, Silverlight,  
> whatnot).

Yeah, I suppose. When such a higher-level document exists I can update  
XMLHttpRequest to point to it.

Anne van Kesteren
Received on Tuesday, 22 February 2011 14:11:20 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:30 UTC