I offered a proposed list of request headers for the whitelist here:
http://lists.w3.org/Archives/Public/public-appformats/2008Feb/0282.html
Since the recent draft includes explicit information on including
Authentication and Cookie support, the end-portion of the above post
is out-of-date.
Mike
However, maybe we should simply remove those and always require a
preflight request for a request with "custom" headers. Not sure.
I think it's useful to have a white-list of headers that should be safe
for GET requests without a pre-flight request. I would actually like to
expand the list a
On Mon, 7 Apr 2008, Jonas Sicking wrote:
>
> I do not think we are ready to go into Last Call. There is a major
> outstanding issue, which is if cookies and auth headers should be
> included. Implementation wise this is easy to change, but it
> significantly changes the semantics of the spec,
On Tue, 08 Apr 2008 01:31:23 +0200, Jonas Sicking <[EMAIL PROTECTED]> wrote:
I do not think we are ready to go into Last Call. There is a major
outstanding issue, which is if cookies and auth headers should be
included. Implementation wise this is easy to change, but it
significantly change
Anne van Kesteren wrote:
I have updated the editor's draft of the Access Control for Cross-site
Requests specification to include support for HTTP headers as per my
proposal earlier:
http://www.w3.org/mid/[EMAIL PROTECTED]
http://dev.w3.org/2006/waf/access-control/
Nothing else has ch
Anne van Kesteren wrote:
On Mon, 07 Apr 2008 21:18:03 +0200, Elias Sinderson <[EMAIL PROTECTED]>
wrote:
Anne van Kesteren wrote:
I have updated the editor's draft of the Access Control for
Cross-site Requests specification to include support for HTTP
headers [...] Nothing else has changed
On Mon, 07 Apr 2008 21:18:03 +0200, Elias Sinderson <[EMAIL PROTECTED]>
wrote:
Anne van Kesteren wrote:
I have updated the editor's draft of the Access Control for Cross-site
Requests specification to include support for HTTP headers [...]
Nothing else has changed because no other changes
Anne van Kesteren wrote:
I have updated the editor's draft of the Access Control for Cross-site
Requests specification to include support for HTTP headers [...]
Nothing else has changed because no other changes have been proposed.
Hi Anne, All,
Thanks for the update, much appreciated.
I see
I have updated the editor's draft of the Access Control for Cross-site
Requests specification to include support for HTTP headers as per my
proposal earlier:
http://www.w3.org/mid/[EMAIL PROTECTED]
http://dev.w3.org/2006/waf/access-control/
Nothing else has changed because no other ch
