- From: Adam Barth <w3c@adambarth.com>
- Date: Mon, 21 Feb 2011 15:06:57 -0800
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, ietf-http-wg@w3.org
I'm not sure I quite follow. The only thing special about Sec- headers is that they can't be set using the XMLHttpRequest API. That seems like a reasonable thing for the XMLHttpRequest API to define irrespective of other uses of HTTP. Adam On Mon, Feb 21, 2011 at 2:18 PM, Mark Nottingham <mnot@mnot.net> wrote: > Thanks, Bjoern. I think the underlying issue is whether a W3C draft should unilaterally make such a declaration; it's kind of a one-time thing. I.e., if another use case comes along and declares *their* special prefix, it'll be impractical. > > I'll put on my liaison hat and bring it up with the W3C. > > Cheers, > > > On 22/02/2011, at 8:14 AM, Bjoern Hoehrmann wrote: > >> Hi, >> >> Over in the hybi Working Group the issue of "Sec-*" headers came up. >> The XMLHttpRequest draft says "Header names starting with Sec- are not >> allowed to be set to allow new headers to be minted that are guaranteed >> not to come from XMLHttpRequest." It seems to me that if "Sec-*" headers >> are somehow special, that is something the core specifications needs to >> mention, like in the header registration specification, but I could not >> find anything there from a quick look. >> >> regards, >> -- >> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de >> Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de >> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ >> > > -- > Mark Nottingham http://www.mnot.net/ > > > > >
Received on Monday, 21 February 2011 23:08:04 UTC