W3C home > Mailing lists > Public > public-webapi@w3.org > April 2008

Re: [XMLHttpRequest2] response headers for cross-site requests

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 08 Apr 2008 19:36:34 +0200
To: "Jonas Sicking" <jonas@sicking.cc>
Cc: "Web API WG (public)" <public-webapi@w3.org>
Message-ID: <op.t9ay68c964w2qv@annevk-t60.oslo.opera.com>

On Tue, 08 Apr 2008 19:30:42 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> I'd wonder what the purprose of this is? I.e. what's the usecase?

The main use case for not restricting headers too much is that it gives  
more consistency with same-origin requests. This presumably allows the  
same kind of scenarios that nowadays happen same-origin to be done non  

> We don't want to allow access to cookie and authentication headers,  
> right?


> Are you sure there are not anything else like it as well that authors  
> won't unintentionally expose?

That's what I'm asking for, I suppose.

Anne van Kesteren
Received on Tuesday, 8 April 2008 17:36:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:10:00 UTC