- From: Maciej Stachowiak <mjs@apple.com>
- Date: Tue, 13 Feb 2007 08:20:40 -0800
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Anne van Kesteren <annevk@opera.com>, "Web API WG (public)" <public-webapi@w3.org>
On Feb 13, 2007, at 8:11 AM, Julian Reschke wrote: > > Anne van Kesteren schrieb: >> On Tue, 13 Feb 2007 16:59:12 +0100, Julian Reschke >> <julian.reschke@gmx.de> wrote: >>> I think the spec needs to be carefully checked for usage of >>> RFC2119/BCP14 terminology. For instance (<http://dev.w3.org/ >>> cvsweb/~checkout~/2006/webapi/XMLHttpRequest/Overview.html? >>> content-type=text/html;%20charset=utf-8#dfn-setrequestheader>): >>> >>> "For security reasons nothing SHOULD be done if the header >>> argument matches one of the following headers case-insensitively:" >>> >>> I think I understand what the intent is, but maybe it should be >>> rephrased to: >>> >>> "For security reasons, a server SHOULD ignore any attempt to >>> modify any of the headers below (header names being matched case- >>> insensitively):" >> I don't understand this suggestion. Are you sure you understand >> what the section is about? > > Yes. The problem is the spec saying "...nothing SHOULD be done...". > I think it's better to be explicit what the implementation should > do (in this case, ignore the method call). I agree that using active voice is better than using passive voice, but there are no requirements being imposed on the server here (wouldn't make sense for XMLHttpRequest to do that). - Maciej
Received on Tuesday, 13 February 2007 16:59:41 UTC