- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 22 Feb 2011 14:19:58 +0100
- To: Anne van Kesteren <annevk@opera.com>
- CC: Adam Barth <w3c@adambarth.com>, Mark Nottingham <mnot@mnot.net>, public-webapps@w3.org
On 22.02.2011 12:52, Anne van Kesteren wrote: > On Tue, 22 Feb 2011 03:28:00 +0100, Mark Nottingham <mnot@mnot.net> wrote: >> The problems I brought up still stand, however. I think we need to >> have a discussion about how much convenience the implementers really >> need here, and also to look at the impact on the registration >> procedure for HTTP headers. > > This is not about convenience for implementors. This is about allowing > specifications to introduce headers that cannot be spoofed via > XMLHttpRequest. It would be good if this could be rephrased as a general design question, and specified in a way that it also applies in other contexts (such as browser plugins doing HTTP, applets, Flash, Silverlight, whatnot). BR, Julian
Received on Tuesday, 22 February 2011 13:27:16 UTC