- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 22 Feb 2011 10:54:39 +1100
- To: Adam Barth <w3c@adambarth.com>
- Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, ietf-http-wg@w3.org
I'm following up on the public-webapps@w3.org list. Thread continues here: <http://lists.w3.org/Archives/Public/public-webapps/2011JanMar/0618.html> Cheers, On 22/02/2011, at 10:06 AM, Adam Barth wrote: > I'm not sure I quite follow. The only thing special about Sec- > headers is that they can't be set using the XMLHttpRequest API. That > seems like a reasonable thing for the XMLHttpRequest API to define > irrespective of other uses of HTTP. > > Adam > > > On Mon, Feb 21, 2011 at 2:18 PM, Mark Nottingham <mnot@mnot.net> wrote: >> Thanks, Bjoern. I think the underlying issue is whether a W3C draft should unilaterally make such a declaration; it's kind of a one-time thing. I.e., if another use case comes along and declares *their* special prefix, it'll be impractical. >> >> I'll put on my liaison hat and bring it up with the W3C. >> >> Cheers, >> >> >> On 22/02/2011, at 8:14 AM, Bjoern Hoehrmann wrote: >> >>> Hi, >>> >>> Over in the hybi Working Group the issue of "Sec-*" headers came up. >>> The XMLHttpRequest draft says "Header names starting with Sec- are not >>> allowed to be set to allow new headers to be minted that are guaranteed >>> not to come from XMLHttpRequest." It seems to me that if "Sec-*" headers >>> are somehow special, that is something the core specifications needs to >>> mention, like in the header registration specification, but I could not >>> find anything there from a quick look. >>> >>> regards, >>> -- >>> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de >>> Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de >>> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ >>> >> >> -- >> Mark Nottingham http://www.mnot.net/ >> >> >> >> >> > -- Mark Nottingham http://www.mnot.net/
Received on Monday, 21 February 2011 23:55:10 UTC