- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 23 Jul 2009 16:06:30 +1000
- To: Ian Hickson <ian@hixie.ch>
- Cc: Adam Barth <w3c@adambarth.com>, Anne van Kesteren <annevk@opera.com>, "collinj@cs.stanford.edu" <collinj@cs.stanford.edu>, HTTP Working Group <ietf-http-wg@w3.org>
If they're using CGI or pretty much any Web framework, it'll be done for them automatically. This is actually very well-implemented. On 23/07/2009, at 4:04 PM, Ian Hickson wrote: > On Wed, 22 Jul 2009, Adam Barth wrote: >> >> I wonder if this syntax would work for CORS too? We can take the >> discussion to web-apps if you like, but the idea is if you get a >> redirect (e.g., of a DELETE), then you can add a second Origin >> header to >> the request instead of modifying the existing header. > > I think that relying on sites to handle multiple headers correctly > (especially when in the common case there will only be one) is > asking for > trouble. I know that they'd be breaking the spec if they didn't, but > that > isn't going to be any consolation when they get tricked. > > -- > Ian Hickson U+1047E ) > \._.,--....,'``. fL > http://ln.hixie.ch/ U+263A /, _.. \ _ > \ ;`._ ,. > Things that are impossible just take longer. `._.-(,_..'-- > (,_..'`-.;.' -- Mark Nottingham http://www.mnot.net/
Received on Thursday, 23 July 2009 06:07:11 UTC