Re: XHR's setRequestHeader and the Do Not Track (DNT) header from Anne van Kesteren on 2012-05-09 (public-webapps@w3.org from April to June 2012)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 9 May 2012 23:38:56 +0200
To: Ian Melven <imelven@mozilla.com>
Cc: public-webapps@w3.org, Sid Stamm <sid@mozilla.com>, Tom Lowenthal <tom@mozilla.com>, Adam Barth <w3c@adambarth.com>
Message-ID: <CADnb78iQe4Q3cHCiqOpwK7ZUr_8HRo8XrKSMYXT_OUzyOoqXtA@mail.gmail.com>

On Tue, May 8, 2012 at 9:34 PM, Ian Melven <imelven@mozilla.com> wrote:
> i'd like to propose that the Do Not Track header (see http://www.w3.org/TR/tracking-dnt/#dnt-header-field) "DNT"
> be added to the list of request headers not allowed to be set via XHR's setRequestHeader method (see
> http://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#the-setrequestheader%28%29-method)

That shouldn't be a problem. I wonder, should we remove the "Sec-"
handling? That was suggested at some point as we are special casing
header naming, but it does not appear to be used. And given that
updating this magic list is not really a big problem and browsers are
updated quick enough maybe that is just as well.

-- 
Anne — Opera Software
http://annevankesteren.nl/
http://www.opera.com/

Received on Thursday, 10 May 2012 01:24:58 UTC