On 18.04.2010 22:29, Tyler Close wrote:
If Mozilla agrees to implement it, I'd like UMP to specify a new
header named "U" whose value is either "*" or a list of allowed
response headers. A response with this header is opting out of Same
Origin Policy protection for both the response entity and the listed
response headers. The response is not required to also include the
Access-Control-Allow-Origin header, but can for compatibility with
current implementations.
This solution would get two birds with one stone, allowing use to
deprecate the verbose and misleading header name that mnot also
complained about.
Beware. There is both too much verbosity and too little. You might want
to run that header name through the Designated Experts for header names
before deployment.
Best regards, Julian
