- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 15 Jul 2008 08:20:09 +0000 (UTC)
- To: Anne van Kesteren <annevk@opera.com>
- Cc: WebApps WG <public-webapps@w3.org>
On Tue, 15 Jul 2008, Anne van Kesteren wrote: > > CROSS-SITE POST > > We limit the amount of Content-Type header values people can set for the > simple cross-site POST request to those you can use with HTML forms > today. This list will not become a fixed list until we work out how > Access Control for Cross-Site Requests will work together with HTML5 > forms. This will lead to people lying about Content-Types, which is one of the big problems with XDR. I don't think this is a good thing. (In particular, it prevents us from sending XML over XHR, which is dumb given the name of the object if nothing else! Sending JSON and XML are the two biggest use cases of this API.) -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 15 July 2008 08:20:44 UTC