Re: Headers / caches proposal (revised)

On 2006/05/02, at 1:33 AM, Maciej Stachowiak wrote:

> Combining these lists, your list does not include Connection,  
> Upgrade, Expect, Via, From, Max-Forwards or Proxy-Authorization.  
> Are you convinced all those are safe? Do you think my specific  
> justifications for Connection, Upgrade and Expect were wrong?

WRT Connection: Mark Baker made an argument that someone may design  
an extension that is hop-by-hop, and therefore needs to be added to  
Connection. Note that the proposal doesn't allow it to be  
overwritten; only appended to.

WRT Upgrade: I think you're right.

WRT Expect: I think you're right, but there should also be a section  
about E/C handling in send().

WRT From: I don't think any software actually uses this to inform  
behaviour; it's just a way to give a more persistent address for the  
user.

WRT Max-Forwards: I'm ambivalent about this one. It could be useful  
in debugging proxies, etc. and it has pretty well-defined behaviour...

WRT Proxy-Authorization: Authorization is allowed to be overwritten,  
so it seems reasonable to allow Proxy-Auth too (although the use case  
would indeed be pretty esoteric; I suppose someone doing something  
inside the firewall might want to do something here...)

> Your list also includes Accept-Charset, I think that one could  
> reasonably either be forbidden or allowed.

Does DOMString expose the character encoding? I thought it was just a  
character abstraction based on Unicode (again, I'm not a DOM expert,  
much less an i18n one...)

> I also think the spec should justify why headers are disallowed  
> rather than just stating it, it seems oddly out of context to just  
> give an arbitrary list.

It was discussed at the F2F yesterday; that might be contributing to  
that oddness. I agree there should be justification, but I don't know  
that the spec text needs to show the math, so to speak.

I'll send out a revised proposal shortly.

Cheers,


--
Mark Nottingham
mnot@yahoo-inc.com

Received on Wednesday, 3 May 2006 01:11:54 UTC
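
The per-header treatment discussed in the message above (Connection may only be appended to, Authorization and Proxy-Authorization may be overwritten, Upgrade and Expect are conceded as unsafe), sketched as an added example that is not part of the original message or of any proposal text. The class name `ScriptHeaderPolicy`, the `X-Hop-Ext` header, the sample values, and the rule that every other header is simply set are assumptions made for illustration.

```javascript
// Added illustration: names and the default rule are assumptions, not spec text.
const FORBIDDEN = new Set(["upgrade", "expect"]);   // conceded as unsafe in the message
const APPEND_ONLY = new Set(["connection"]);        // may be extended, never replaced

// Split a comma-separated header value into trimmed, non-empty tokens.
const tokensOf = (v) => String(v).split(",").map((t) => t.trim()).filter(Boolean);

class ScriptHeaderPolicy {
  // uaHeaders: headers the user agent set itself before any script runs.
  constructor(uaHeaders = {}) {
    this.headers = new Map();
    for (const [name, value] of Object.entries(uaHeaders)) {
      this.headers.set(name.toLowerCase(), String(value));
    }
  }

  // Models a script calling setRequestHeader(name, value).
  // Returns "rejected", "appended" or "set".
  setRequestHeader(name, value) {
    const key = name.trim().toLowerCase();          // field names are case-insensitive
    if (FORBIDDEN.has(key)) return "rejected";
    if (APPEND_ONLY.has(key) && this.headers.has(key)) {
      const tokens = tokensOf(this.headers.get(key));
      for (const t of tokensOf(value)) {
        // Keep existing tokens; add only ones not already listed.
        if (!tokens.some((x) => x.toLowerCase() === t.toLowerCase())) tokens.push(t);
      }
      this.headers.set(key, tokens.join(", "));
      return "appended";
    }
    this.headers.set(key, String(value));           // e.g. Authorization, Proxy-Authorization, From
    return "set";
  }

  get(name) { return this.headers.get(name.toLowerCase()); }
}

// Constructed sample request: the UA has already set Connection and Authorization.
function demo() {
  const req = new ScriptHeaderPolicy({ Connection: "keep-alive", Authorization: "Basic ua-constructed" });
  return {
    connection: req.setRequestHeader("CONNECTION", "X-Hop-Ext, Keep-Alive"),
    upgrade: req.setRequestHeader("Upgrade", "constructed-protocol"),
    auth: req.setRequestHeader("authorization", "Basic script-constructed"),
    proxyAuth: req.setRequestHeader("Proxy-Authorization", "Basic proxy-constructed"),
    req,
  };
}
```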