Anne van Kesteren schreef:
Currently XMLHttpRequest Level 2 has restrictions on getting response headers when doing a cross-site request. I have a feeling these may be an artifact of the slightly older model.getAllResponseHeaders() returns the empty string currently.getResponseHeader(header) returns null unless header is one of Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma.I think we should be able to change this. (Though we can't expose Set-Cookie and Set-Cookie2 obviously.)
I think Location should be included in that whitelist as well. It is not only used for 3xx redirection headers, but HTTP specifies that it can also be returned after a 201 Created request, to indicate the URL of the newly created resource:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.2 Similarly, the Content-Location header should also be on the white-list.Actually, I think all Content-* headers should be on the white-list, so including Content-MD5, Content-Length, Content-Encoding and Content-Range.
~Grauw -- Ushiko-san! Kimi wa doushite, Ushiko-san nan da!! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Laurens Holst, student, university of Utrecht, the Netherlands. Website: www.grauw.nl. Backbase employee; www.backbase.com.
begin:vcard fn:Laurens Holst n:Holst;Laurens email;internet:[EMAIL PROTECTED] tel;cell:(+31) 06-41765048 version:2.1 end:vcard
smime.p7s
Description: S/MIME Cryptographic Signature
