- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 21 Aug 2013 15:07:57 +0100
- To: Monsur Hossain <monsur@gmail.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>

On Wed, Aug 21, 2013 at 6:12 AM, Monsur Hossain <monsur@gmail.com> wrote:
> The latest CORS spec defines the simple headers as Accept, Accept-Language
> and Content-Language. However the spec doesn't provide any insight into why
> these particular headers are special. What is the motivation for defining
> these as simple headers? My initial assumption was that a preflight was
> required for any cross-origin request that couldn't be done before the CORS
> spec existed. But it's not clear to me how an author could set these simple
> headers on cross-origin requests before CORS.

Accept is pretty random due to plugins. Accept-Language and
Content-Language I guess we considered safe enough. Not sure there was
any particularly strong rationale...

--
http://annevankesteren.nl/

Received on Wednesday, 21 August 2013 14:08:24 UTC