Re: [XMLHttpRequest2] response headers for cross-site requests

On Tue, 08 Apr 2008 19:30:42 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> I'd wonder what the purprose of this is? I.e. what's the usecase?

The main use case for not restricting headers too much is that it gives  
more consistency with same-origin requests. This presumably allows the  
same kind of scenarios that nowadays happen same-origin to be done non  
same-origin.


> We don't want to allow access to cookie and authentication headers,  
> right?

Right.


> Are you sure there are not anything else like it as well that authors  
> won't unintentionally expose?

That's what I'm asking for, I suppose.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Tuesday, 8 April 2008 17:36:49 UTC