Re: [XHR2] Feedback on sec-* headers

On 22.02.2011 12:52, Anne van Kesteren wrote:
> On Tue, 22 Feb 2011 03:28:00 +0100, Mark Nottingham <mnot@mnot.net> wrote:
>> The problems I brought up still stand, however. I think we need to
>> have a discussion about how much convenience the implementers really
>> need here, and also to look at the impact on the registration
>> procedure for HTTP headers.
>
> This is not about convenience for implementors. This is about allowing
> specifications to introduce headers that cannot be spoofed via
> XMLHttpRequest.

It would be good if this could be rephrased as a general design 
question, and specified in a way that it also applies in other contexts 
(such as browser plugins doing HTTP, applets, Flash, Silverlight, whatnot).

BR, Julian

Received on Tuesday, 22 February 2011 13:27:16 UTC