- From: Robin Berjon <robin.berjon@expway.fr>
- Date: Thu, 6 Apr 2006 15:34:24 +0200
- To: Jim Ley <jim@jibbering.com>
- Cc: <public-webapi@w3.org>
On Apr 06, 2006, at 10:46, Jim Ley wrote:
> "Mark Nottingham" <mnot@yahoo-inc.com>
>> It seems a *little* draconian to not allow the user to control If-
>> Modified-Since, If-None-Match and If-Range. Range should
>> definitely be available to users; somebody might know what
>> they're doing. :)
>
> Definately this is required, I though this was already agreed
> actually...
It was agreed, it just didn't make it into the draft somehow.
>> The Referer header MUST be set, and MUST NOT be overridable; once
>> cross-site XHR is available, sites will want to use it for
>> security, logging, etc.
>
> I don't agree with this, a user agent MUST be allowed to anonymise
> browsing, tracking users is not a suitable reason for changing this
> behaviour.
Agreed, people using Referer for security should be transferred to
another department. It should definitely be possible to remove it.
--
Robin Berjon
Senior Research Scientist
Expway, http://expway.com/
Received on Thursday, 6 April 2006 13:34:31 UTC