[webappsec] CORS bug 19315 from Hill, Brad on 2012-10-26 (public-webappsec@w3.org from October 2012)

From: Hill, Brad <bhill@paypal-inc.com>
Date: Fri, 26 Oct 2012 23:40:34 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>, "WebApps WG (public-webapps@w3.org)" <public-webapps@w3.org>
CC: "Anne van Kesteren (annevk@annevk.nl)" <annevk@annevk.nl>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E2AB22A@DEN-EXDDA-S12.corp.ebay.com>

http://lists.w3.org/Archives/Public/public-webappsec/2012Oct/0004.html

This bug report on CORS, that the "Last-Event-ID" header should be a simple header, (along with Origin and Referer based on the status of actual implementations) is the last substantive change to the document that remains unresolved.

I would like to propose we add "Last-Event-ID", "Origin" and "Referer" to the set of simple headers.   Are there any objections, concerns or comments?

Thank you,
-Brad Hill

Received on Friday, 26 October 2012 23:41:05 UTC