- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Mon, 19 Apr 2010 21:20:34 +0200
- To: Tyler Close <tyler.close@gmail.com>
- CC: Maciej Stachowiak <mjs@apple.com>, Jonas Sicking <jonas@sicking.cc>, Ben Laurie <benl@google.com>, Arthur Barstow <Art.Barstow@nokia.com>, ext Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>

On 19.04.2010 20:30, Tyler Close wrote:
> ...
>> Again: did you check all the headers in the permanent registry? If you did,
>> why are the ones (which are just examples) missing? And what's the reason to
>> default to strip general headers and response headers?
>
> Again, the model is to define a minimal whitelist and enable servers
> to explicitly extend the minimal whitelist. The default members of the
> whitelist only exist as a convenience, so that servers don't have to
> explicitly list them on every response.
>
> Also, asking a static specification to keep up with a mutable registry
> is not feasible.
> ...

Yes. That's exactly the reason why a whitelist is the wrong choice.

Best regards,
Julian

Received on Monday, 19 April 2010 19:21:33 UTC