- From: Anne van Kesteren <annevk@opera.com>
- Date: Sat, 13 Jun 2009 17:37:23 +0200
- To: "Alexey Proskuryakov" <ap@webkit.org>
- Cc: public-webapps <public-webapps@w3.org>
On Wed, 01 Apr 2009 12:11:35 +0200, Anne van Kesteren <annevk@opera.com> wrote: > On Wed, 01 Apr 2009 12:05:08 +0200, Alexey Proskuryakov <ap@webkit.org> > wrote: >> As there seems to be no danger in allowing this header for same origin >> requests, I'd suggest removing it from the list of forbidden headers. >> As mentioned in this thread, there are valid reasons to control it >> explicitly. > > Actually, I suppose we can also allow it for cross-origin requests now > the server has to explicitly opt-in for each and every header. Removed from the list. -- Anne van Kesteren http://annevankesteren.nl/
Received on Saturday, 13 June 2009 15:38:02 UTC