- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 13 May 2010 12:05:37 +0200
- To: nathan@webr3.org
- CC: Devdatta <dev.akhawe@gmail.com>, Jonas Sicking <jonas@sicking.cc>, Tyler Close <tyler.close@gmail.com>, Ian Hickson <ian@hixie.ch>, Arthur Barstow <Art.Barstow@nokia.com>, Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>, Adam Barth <w3c@adambarth.com>
On 12.05.2010 22:39, Nathan wrote: > Devdatta wrote: >>> As for the "should CORS exist" discussion, I'll bow out of those until >>> we're starting to move towards officially adopting a WG decision one >>> way or another, or genuinely new information is provided which would >>> affect such a decision (for the record, I don't think I've seen any >>> new information provided since last fall's TPAC). >> >> exactly -- I don't see this thread getting anywhere. > > Vendors & Spec writers, > > What would be really nice is if you gave us server admins, application > server-side developers and data publishers a say in this. > > Thus I'll propose a new header: > > Allow-XHR = "Allow-XHR" ":" Allow-XHR-v > Allow-XHR-v = "none" | "negotiate" | "all" > > "none" defines no XHR access > > "negotiate" defines the UA should negotiate CORS or UMP headers (leave > that up to you guys to decide what's best ;) > > "all" defines that the UA should process the XHR request as a normal > client HTTP request leaving all information + headers intact. > ... From the side line: I hear that people were worried about having to add new response headers just for CORS & friends. Was it ever discussed to send these response headers only based on something in the *request*? Best regards, Julian
Received on Thursday, 13 May 2010 10:06:33 UTC