- From: Óscar Toledo G. <uno@biyubi.com>
- Date: Wed, 19 Jul 2006 19:37:09 GMT
- To: Mark Nottingham <mnot@yahoo-inc.com>
- CC: <public-webapi@w3.org>
> Content-MD5 is not set by most UAs, and so it's useful for the author > to set it manually. While it may be difficult to calculate (esp. if > the content is a DOMString), it's certainly possible. Calculating Content-MD5 inside the UA is a valuable feature, that removes burden on the user. I suggest two things for the draft: * isSupported("hash-md5") method, so the user can check if his own MD5 script is needed on the transition phase. * Calculate MD5 automatically if Content-MD5 appears on setRequestHeader. > Likewise, From is not normally set by UAs automatically, and it might > be useful in some contexts. The From header raises privacy concerns, if the XHR supports it, the user must be able to disable it. > I can easily see a case where a library or other XHR application > might want to append something to the UA header. I think that the User-Agent must identify unequivocally software implementing XHR, if it is modified, it can easily tell incorrect information to the server, specially on cross-site XHR. Most UA headers already are long enough. Truly Óscar Toledo G. http://www.biyubi.com/
Received on Wednesday, 19 July 2006 19:47:28 UTC