- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Mon, 23 Jul 2007 09:45:48 +0200
- To: Jonas Sicking <jonas@sicking.cc>
- CC: Web APIs WG <public-webapi@w3.org>
Jonas Sicking wrote: > ... > Yes, if it's a security problem not to. IMHO that should be the > determining factor. > > Actually, I'm wondering if we should disallow any header starting with > "Proxy-". For example Proxy-Authorization header looks scary to me. > ... Well, this is yet another case where the theory of spec writing and practice aren't aligned :-) I'd prefer the spec not to state normative requirements with respect to headers that don't even have a spec. So optimally, write down what you think the header does, and get it registered in the provisional IANA registry. Best regards, Julian
Received on Monday, 23 July 2007 07:47:14 UTC