- From: Mark Baker <distobj@acm.org>
- Date: Tue, 2 May 2006 18:45:16 -0700
- To: "Mark Nottingham" <mnot@yahoo-inc.com>
- Cc: "Maciej Stachowiak" <mjs@apple.com>, "Web APIs WG (public)" <public-webapi@w3.org>
On 5/2/06, Mark Nottingham <mnot@yahoo-inc.com> wrote: > > > On 2006/05/02, at 1:33 AM, Maciej Stachowiak wrote: > > > Combining these lists, your list does not include Connection, > > Upgrade, Expect, Via, From, Max-Forwards or Proxy-Authorization. > > Are you convinced all those are safe? Do you think my specific > > justifications for Connection, Upgrade and Expect were wrong? > > WRT Connection: Mark Baker made an argument that someone may design > an extension that is hop-by-hop, and therefore needs to be added to > Connection. Note that the proposal doesn't allow it to be > overwritten; only appended to. Right. > > WRT Upgrade: I think you're right. Ditto. > WRT Expect: I think you're right, but there should also be a section > about E/C handling in send(). I could see it being useful, though I don't know if current implementations would handle Continue. > WRT From: I don't think any software actually uses this to inform > behaviour; it's just a way to give a more persistent address for the > user. I don't see any problem with this in the single domain case. > WRT Max-Forwards: I'm ambivalent about this one. It could be useful > in debugging proxies, etc. and it has pretty well-defined behaviour... I think that unless there's a clear reason to disallow a header, that it should be allowed, so I'm happy to leave it off the list. > WRT Proxy-Authorization: Authorization is allowed to be overwritten, > so it seems reasonable to allow Proxy-Auth too (although the use case > would indeed be pretty esoteric; I suppose someone doing something > inside the firewall might want to do something here...) Right. Mark.
Received on Wednesday, 3 May 2006 01:45:20 UTC