On Thu, 26 Jul 2007 13:34:39 +0200, Anne van Kesteren <[EMAIL PROTECTED]> wrote:
Why prevent a user from setting the "Content-Access-Control" header? That is generally a response header and I'd expect servers to ignore it.If requests with arbitrary headers set can harm a server they are already vulnerable. Is it really wise to restrict this?
Actually, this is untrue for intranets and such. Hmm. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
