Re: XMLHttpRequest for Last Call

Anne van Kesteren wrote:
> On Tue, 13 Feb 2007 16:59:12 +0100, Julian Reschke 
> <julian.reschke@gmx.de> wrote:
>> I think the spec needs to be carefully checked for usage of 
>> RFC2119/BCP14 terminology. For instance 
>> (<http://dev.w3.org/cvsweb/~checkout~/2006/webapi/XMLHttpRequest/Overview.html?content-type=text/html;%20charset=utf-8#dfn-setrequestheader>): 
>>
>>
>> "For security reasons nothing SHOULD be done if the header argument 
>> matches one of the following headers case-insensitively:"
>>
>> I think I understand what the intent is, but maybe it should be 
>> rephrased to:
>>
>> "For security reasons, a server SHOULD ignore any attempt to modify 
>> any of the headers below (header names being matched 
>> case-insensitively):"
> 
> I don't understand this suggestion. Are you sure you understand what the 
> section is about?

Yes. The problem is the spec saying "...nothing SHOULD be done...". I 
think it's better to be explicit about what the implementation should do (in 
this case, ignore the method call).

Best regards, Julian

Received on Tuesday, 13 February 2007 16:11:05 UTC