I have been studying CORS ISSUE-90 <http://www.w3.org/2008/webapps/track/issues/90>, so as to bring UMP into line with this part of CORS. I can't find any pattern or rationale to the selection of headers on the whitelist versus those not on the whitelist. Does anyone know where this list came from and how it was produced?
If I produce a more comprehensive whitelist for UMP will CORS follow my lead? --Tyler -- "Waterken News: Capability security on the Web" http://waterken.sourceforge.net/recent.html