- From: Jonas Sicking <jonas@sicking.cc>
- Date: Wed, 09 Jul 2008 16:08:32 -0700
- To: Maciej Stachowiak <mjs@apple.com>
- CC: Anne van Kesteren <annevk@opera.com>, Sunava Dutta <sunavad@windows.microsoft.com>, WebApps WG <public-webapps@w3.org>
Maciej Stachowiak wrote: > > On Jul 9, 2008, at 3:17 PM, Anne van Kesteren wrote: > >> >> On Wed, 09 Jul 2008 23:54:17 +0200, Sunava Dutta >> <sunavad@windows.microsoft.com> wrote: >>> I prefer >>> Access-control: * >>> Access-control: <URL> >> >> I suppose it would be slightly shorter, but it's also less clear. > > I would be in favor of Access-Control or Access-Control-Allow, I think > Access-Control-Origin and Origin are confusing in combination. It seems > unclear from the names which is a request header and which is a response > header. Agreed. I also think that putting a somewhat more verbose syntax will give us a better forwards compat story. For example Access-Control: allow-without-query-parameters <*> or Access-Control: allow-only-tuesdays <*> I have a hard time believing that we would never find it useful to extend the syntax in future versions of the spec. I also as an implementor don't find it hard to strip out "allow <" before the origin. I also find it very useful that you can just look at the header in order to realize that it is granting some sort of access, which putting the word "allow" in the syntax does. So either Access-control: allow <*> or Access-control-Allow: * fulfills that. That said, I would be ok with simply Access-Control: * as well. If we need degradation in the future we can always invent new headers... / Jonas
Received on Wednesday, 9 July 2008 23:09:34 UTC