Re: XHR's setRequestHeader and the Do Not Track (DNT) header from Anne van Kesteren on 2012-05-14 (public-webapps@w3.org from April to June 2012)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 14 May 2012 16:52:31 +0200
To: Ian Melven <imelven@mozilla.com>
Cc: public-webapps@w3.org, Sid Stamm <sid@mozilla.com>, Tom Lowenthal <tom@mozilla.com>
Message-ID: <CADnb78h=Xx+=7jKgydTkzu=mT5mvp5LRrf9GRiz8KmbTJ=P=fg@mail.gmail.com>

On Tue, May 8, 2012 at 9:34 PM, Ian Melven <imelven@mozilla.com> wrote:
> i'd like to propose that the Do Not Track header (see http://www.w3.org/TR/tracking-dnt/#dnt-header-field) "DNT"
> be added to the list of request headers not allowed to be set via XHR's setRequestHeader method (see
> http://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#the-setrequestheader%28%29-method)

Done: http://dvcs.w3.org/hg/xhr/rev/a4a35861a49d


> there is an additional question of whether a user's Do Not Track setting in the user agent should
> also be added to requests made by XHR - the DNT spec says "A user agent must send the DNT header field on all
> HTTP requests if (and only if) a tracking preference is enabled" which would seem to include XHR...

Unless specified otherwise XMLHttpRequest follows the requirements
from and on HTTP so I don't think anything needs changing here.


Per Adam's comment I have not removed the "Sec-" handling.


-- 
Anne — Opera Software
http://annevankesteren.nl/
http://www.opera.com/

Received on Monday, 14 May 2012 14:53:06 UTC