- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 25 Feb 2008 21:49:55 +0100
- To: "Jonas Sicking" <jonas@sicking.cc>
- Cc: "WAF WG (public)" <public-appformats@w3.org>
On Fri, 22 Feb 2008 06:47:24 +0100, Jonas Sicking <jonas@sicking.cc> wrote: > So this means that we're saying that if the server sends a response like > > Access-Control: allow <*> > > to an OPTIONS request, the server should be prepared to handle requests > that contain *any* user set header? I know we've talked about having > another header in the reply to the OPTIONS request that specified which > headers would be allowed. This would make me feel safer to be honest. I don't think we should go there. That would complicate things a lot and given that the headers will not be part of the OPTIONS request I don't really see the problem. Also note that we had something like that before for HTTP methods and removed it. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Monday, 25 February 2008 20:45:06 UTC