Re: UMP / CORS: Implementor Interest

On 12.05.2010 22:39, Nathan wrote:
> Devdatta wrote:
>>> As for the "should CORS exist" discussion, I'll bow out of those until
>>> we're starting to move towards officially adopting a WG decision one
>>> way or another, or genuinely new information is provided which would
>>> affect such a decision (for the record, I don't think I've seen any
>>> new information provided since last fall's TPAC).
>>
>> exactly -- I don't see this thread getting anywhere.
>
> Vendors & Spec writers,
>
> What would be really nice is if you gave us server admins, application
> server-side developers and data publishers a say in this.
>
> Thus I'll propose a new header:
>
> Allow-XHR = "Allow-XHR" ":" Allow-XHR-v
> Allow-XHR-v = "none" | "negotiate" | "all"
>
> "none" defines no XHR access
>
> "negotiate" defines the UA should negotiate CORS or UMP headers (leave
> that up to you guys to decide what's best ;)
>
> "all" defines that the UA should process the XHR request as a normal
> client HTTP request leaving all information + headers intact.
> ...

 From the side line: I hear that people were worried about having to add 
new response headers just for CORS & friends. Was it ever discussed to 
send these response headers only based on something in the *request*?

Best regards, Julian

Received on Thursday, 13 May 2010 10:06:33 UTC