On Wed, Feb 11, 2015 at 1:10 PM, Arthur Barstow <art.barstow@gmail.com> wrote: > WebApps - please note the draft spec includes a new XHR property > "withRefererTokenBindingID" > <https://tools.ietf.org/html/draft-balfanz-https-token-binding-00#section-3.4>. > > If anyone has feedback about the proposal, please send it to the > unbearable @ ietf.org list. However, comments related to the XHR aspect > should be Cc/Bcc to public-webapps. Relatively recently we decided not to extend XMLHttpRequest further and prioritize fetch(). Can we expect a more concrete proposal to revise either or is this it? One problem with this proposal is that it does not use the Sec-* convention for headers so the header can be spoofed... -- https://annevankesteren.nl/Received on Wednesday, 11 February 2015 12:19:38 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:10 UTC