- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 22 Feb 2011 13:28:00 +1100
- To: Adam Barth <w3c@adambarth.com>
- Cc: public-webapps@w3.org
On 22/02/2011, at 1:08 PM, Adam Barth wrote: > I'm not sure I understand how this would work. Let's take the example > of Sec-WebSocket-Key. When would the user agent send XHR2-Secure: > Sec-WebSocket-Key ? Ah, I see; you want to dynamically prohibit the client sending a header, rather than declare what headers the client didn't allow modification of. A separate header won't help you, no. The problems I brought up still stand, however. I think we need to have a discussion about how much convenience the implementers really need here, and also to look at the impact on the registration procedure for HTTP headers. Cheers, -- Mark Nottingham http://www.mnot.net/
Received on Tuesday, 22 February 2011 02:28:31 UTC