- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 08 Apr 2008 19:36:34 +0200
- To: "Jonas Sicking" <jonas@sicking.cc>
- Cc: "Web API WG (public)" <public-webapi@w3.org>
On Tue, 08 Apr 2008 19:30:42 +0200, Jonas Sicking <jonas@sicking.cc> wrote: > I'd wonder what the purprose of this is? I.e. what's the usecase? The main use case for not restricting headers too much is that it gives more consistency with same-origin requests. This presumably allows the same kind of scenarios that nowadays happen same-origin to be done non same-origin. > We don't want to allow access to cookie and authentication headers, > right? Right. > Are you sure there are not anything else like it as well that authors > won't unintentionally expose? That's what I'm asking for, I suppose. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Tuesday, 8 April 2008 17:36:49 UTC