- From: Nathan <nathan@webr3.org>
- Date: Wed, 12 May 2010 21:39:26 +0100
- To: Devdatta <dev.akhawe@gmail.com>
- CC: Jonas Sicking <jonas@sicking.cc>, Tyler Close <tyler.close@gmail.com>, Ian Hickson <ian@hixie.ch>, Arthur Barstow <Art.Barstow@nokia.com>, Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>, Adam Barth <w3c@adambarth.com>
Devdatta wrote: >> As for the "should CORS exist" discussion, I'll bow out of those until >> we're starting to move towards officially adopting a WG decision one >> way or another, or genuinely new information is provided which would >> affect such a decision (for the record, I don't think I've seen any >> new information provided since last fall's TPAC). > > exactly -- I don't see this thread getting anywhere. Vendors & Spec writers, What would be really nice is if you gave us server admins, application server-side developers and data publishers a say in this. Thus I'll propose a new header: Allow-XHR = "Allow-XHR" ":" Allow-XHR-v Allow-XHR-v = "none" | "negotiate" | "all" "none" defines no XHR access "negotiate" defines the UA should negotiate CORS or UMP headers (leave that up to you guys to decide what's best ;) "all" defines that the UA should process the XHR request as a normal client HTTP request leaving all information + headers intact. Best, Nathan
Received on Wednesday, 12 May 2010 20:40:56 UTC