W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2012

[Bug 19315] New: Last-Event-ID header should be a simple header

From: <bugzilla@jessica.w3.org>
Date: Sun, 07 Oct 2012 04:45:27 +0000
To: public-webappsec@w3.org
Message-ID: <bug-19315-4874@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=19315

           Summary: Last-Event-ID header should be a simple header
           Product: WebAppsSec
           Version: unspecified
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: CORS
        AssignedTo: annevk@annevk.nl
        ReportedBy: vic99999@yandex.ru
         QAContact: dave.null@w3.org
                CC: mike@w3.org, public-webappsec@w3.org


"Last-Event-ID" header, used by EventSource -
http://dev.w3.org/html5/eventsource/ , should be a simple header

EventSource already allows CORS with this header without preflight

http://hg.mozilla.org/releases/mozilla-release/file/dc25520cbe46/content/base/src/nsXMLHttpRequest.cpp#l3277

Thanks

P.S.

Seems, Firefox allows to use this headers for simple CORS request:
accept, accept-language, content-language, content-type, last-event-id

And Webkit allows:
accept, accept-language, content-language, content-type, origin, referer

-- 
Configure bugmail: https://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Received on Sunday, 7 October 2012 04:45:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 7 October 2012 04:45:32 GMT