- From: Anne van Kesteren <annevk@opera.com>
- Date: Thu, 26 Jul 2007 13:36:09 +0200
- To: "Jonas Sicking" <jonas@sicking.cc>, "Web APIs WG" <public-webapi@w3.org>
On Thu, 26 Jul 2007 13:34:39 +0200, Anne van Kesteren <annevk@opera.com> wrote: >> Why prevent a user from setting the "Content-Access-Control" header? >> That is generally a response header and I'd expect servers to ignore it. > > If requests with arbitrary headers set can harm a server they are > already vulnerable. Is it really wise to restrict this? Actually, this is untrue for intranets and such. Hmm. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Thursday, 26 July 2007 11:36:24 UTC