Re: [XHR2] Feedback on sec-* headers

On 22/02/2011, at 1:08 PM, Adam Barth wrote:

> I'm not sure I understand how this would work.  Let's take the example
> of Sec-WebSocket-Key.  When would the user agent send XHR2-Secure:
> Sec-WebSocket-Key ?

Ah, I see; you want to dynamically prohibit the client sending a header, rather than declare what headers the client didn't allow modification of.

A separate header won't help you, no.  

The problems I brought up still stand, however. I think we need to have a discussion about how much convenience the implementers really need here, and also to look at the impact on the registration procedure for HTTP headers.


Mark Nottingham

Received on Tuesday, 22 February 2011 02:28:31 UTC