- From: Laurens Holst <lholst@students.cs.uu.nl>
- Date: Thu, 10 Apr 2008 10:42:05 +0200
- To: Anne van Kesteren <annevk@opera.com>
- CC: "Web API WG (public)" <public-webapi@w3.org>
Received on Thursday, 10 April 2008 08:43:33 UTC
Anne van Kesteren schreef: > > Currently XMLHttpRequest Level 2 has restrictions on getting response > headers when doing a cross-site request. I have a feeling these may be > an artifact of the slightly older model. > > getAllResponseHeaders() returns the empty string currently. > > getResponseHeader(header) returns null unless header is one of > Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, > Pragma. > > I think we should be able to change this. (Though we can't expose > Set-Cookie and Set-Cookie2 obviously.) I think Location should be included in that whitelist as well. It is not only used for 3xx redirection headers, but HTTP specifies that it can also be returned after a 201 Created request, to indicate the URL of the newly created resource: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.2 Similarly, the Content-Location header should also be on the white-list. Actually, I think all Content-* headers should be on the white-list, so including Content-MD5, Content-Length, Content-Encoding and Content-Range. ~Grauw -- Ushiko-san! Kimi wa doushite, Ushiko-san nan da!! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Laurens Holst, student, university of Utrecht, the Netherlands. Website: www.grauw.nl. Backbase employee; www.backbase.com.
Received on Thursday, 10 April 2008 08:43:33 UTC