- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 23 Jul 2009 06:04:44 +0000 (UTC)
- To: Adam Barth <w3c@adambarth.com>
- Cc: Mark Nottingham <mnot@mnot.net>, Anne van Kesteren <annevk@opera.com>, "collinj@cs.stanford.edu" <collinj@cs.stanford.edu>, HTTP Working Group <ietf-http-wg@w3.org>
On Wed, 22 Jul 2009, Adam Barth wrote: > > I wonder if this syntax would work for CORS too? We can take the > discussion to web-apps if you like, but the idea is if you get a > redirect (e.g., of a DELETE), then you can add a second Origin header to > the request instead of modifying the existing header. I think that relying on sites to handle multiple headers correctly (especially when in the common case there will only be one) is asking for trouble. I know that they'd be breaking the spec if they didn't, but that isn't going to be any consolation when they get tricked. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 23 July 2009 06:05:25 UTC