On Wed, Feb 11, 2015 at 1:10 PM, Arthur Barstow <art.bars...@gmail.com> wrote: > WebApps - please note the draft spec includes a new XHR property > "withRefererTokenBindingID" > <https://tools.ietf.org/html/draft-balfanz-https-token-binding-00#section-3.4>. > > If anyone has feedback about the proposal, please send it to the > unbearable @ ietf.org list. However, comments related to the XHR aspect > should be Cc/Bcc to public-webapps.
Relatively recently we decided not to extend XMLHttpRequest further and prioritize fetch(). Can we expect a more concrete proposal to revise either or is this it? One problem with this proposal is that it does not use the Sec-* convention for headers so the header can be spoofed... -- https://annevankesteren.nl/