Anne van Kesteren wrote:
On Thu, 14 Feb 2008 06:59:29 +0100, John Panzer <[EMAIL PROTECTED]> wrote:
Anne van Kesteren wrote:
This is currently not the case for XMLHttpRequest level 2. Based on
feedback from Mozilla only Accept and Accept-Language can be set for
cross-site requests.
(Aside: Surely Content-Type is allowed as well?)
Currently, no.
In that case, AtomPub among other things is right out, as it needs a
Content-Type of application/atom;type=entry on POST and PUT.
...
I agree that it provides a lot of limitations. I believe the primary
concern is not provide new attack vectors. GET requests you can
currently issue don't allow setting of custom headers, for instance.
However, this concern does not apply to POST/PUT, etc. as there you
make an initial request to see if the server is ok with it.
Jonas?
I think it's too restrictive (at least for POST/PUT, where you often
need to send additional metadata in headers).
