- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 9 May 2012 23:38:56 +0200
- To: Ian Melven <imelven@mozilla.com>
- Cc: public-webapps@w3.org, Sid Stamm <sid@mozilla.com>, Tom Lowenthal <tom@mozilla.com>, Adam Barth <w3c@adambarth.com>
On Tue, May 8, 2012 at 9:34 PM, Ian Melven <imelven@mozilla.com> wrote: > i'd like to propose that the Do Not Track header (see http://www.w3.org/TR/tracking-dnt/#dnt-header-field) "DNT" > be added to the list of request headers not allowed to be set via XHR's setRequestHeader method (see > http://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#the-setrequestheader%28%29-method) That shouldn't be a problem. I wonder, should we remove the "Sec-" handling? That was suggested at some point as we are special casing header naming, but it does not appear to be used. And given that updating this magic list is not really a big problem and browsers are updated quick enough maybe that is just as well. -- Anne — Opera Software http://annevankesteren.nl/ http://www.opera.com/
Received on Thursday, 10 May 2012 01:24:58 UTC