[CORS] Understanding the definition of simple headers from Monsur Hossain on 2013-08-21 (public-webappsec@w3.org from August 2013)

From: Monsur Hossain <monsur@gmail.com>
Date: Wed, 21 Aug 2013 00:12:32 -0500
To: public-webappsec@w3.org
Message-ID: <CAKSyWQ=JgYOChpqqxKr14eRTi3xLW1ZHxyjjO0V=vAk3jYC-YQ@mail.gmail.com>

The latest CORS spec defines the simple headers as Accept, Accept-Language
and Content-Language. However the spec doesn't provide any insight into why
these particular headers are special. What is the motivation for defining
these as simple headers? My initial assumption was that a preflight was
required for any cross-origin request that couldn't be done before the CORS
spec existed. But its not clear to me how an author could set these simple
headers on cross-origin requests before CORS.

Thanks,
Monsur

Received on Wednesday, 21 August 2013 05:12:58 UTC