Re: XHR LC comments

On Wed, 14 May 2008, Bjoern Hoehrmann wrote:
> 
> Note that there are more headers on the list than the ones listed above, 
> specifically Proxy-*, Sec-*, and it is unclear how to handle, say, the 
> Cookie and Authorization header.

I think I would lump the Cookie, Cookie2, and Authorization headers in the 
same bucket as, e.g., Host -- these are headers that the UA should be 
setting and not headers that should be under author control.

Incidentally, I think I would recommend removing the blacklist from AC, 
since AC has a whitelist. Having both seems pointless.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Wednesday, 14 May 2008 20:46:13 UTC