Re: ISSUE-90: Exposing more (~infinite) response headers [CORS]

Anne van Kesteren wrote:
> On Tue, 16 Jun 2009 16:18:25 +0200, Web Applications Working Group Issue 
> Tracker <sysbot+tracker@w3.org> wrote:
>> In
>>
>>   http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0967.html
>>
>> Mark Nottingham comments on the asymmetry of exposing the body of the 
>> response but only a tiny subset of the headers. He argues for
>>
>>  * Expanding this whitelist and
>>  * Giving responses of resources a way to indicate which headers are 
>> ok to expose
>>
>> or
>>
>>  * Turning it into a blacklist
>>
>> He indicated he was not satisfied deferring this issue to CORS2 and 
>> considers it a showstopper for CORS1.
> 
> To resolve ISSUE-90 I added a new header Access-Control-Expose-Headers 
> that controls which additional headers are exposed to the API.
> 
> http://dev.w3.org/2006/waf/access-control/#http-access-control-expose-headers 

fantastic :)!

Received on Tuesday, 15 June 2010 12:37:35 UTC