W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2013

[CORS] Understanding the definition of simple headers

From: Monsur Hossain <monsur@gmail.com>
Date: Wed, 21 Aug 2013 00:12:32 -0500
Message-ID: <CAKSyWQ=JgYOChpqqxKr14eRTi3xLW1ZHxyjjO0V=vAk3jYC-YQ@mail.gmail.com>
To: public-webappsec@w3.org
The latest CORS spec defines the simple headers as Accept, Accept-Language
and Content-Language. However the spec doesn't provide any insight into why
these particular headers are special. What is the motivation for defining
these as simple headers? My initial assumption was that a preflight was
required for any cross-origin request that couldn't be done before the CORS
spec existed. But its not clear to me how an author could set these simple
headers on cross-origin requests before CORS.

Received on Wednesday, 21 August 2013 05:12:58 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:02 UTC