On Mon, 20 Jun 2011 12:53:02 +0200, Jonas Sicking <jo...@sicking.cc> wrote:
On Mon, Jun 20, 2011 at 3:22 AM, Anne van Kesteren <ann...@opera.com>
wrote:
Agreed. I can add that to CORS. I already added Last-Event-ID for that
reason, but somehow missed Cache-Control.
Wait, we don't have to add any headers to the CORS spec just because
implementations of various specs needs to send those without doing
preflight. The list of "simple headers" only affects which headers the
*page* can immediately set without a preflight being required, for
example through features like XMLHttpRequest.setRequestHeader.
Headers that the implementation adds doesn't need to be added to this
list. For example the "Host" header is set by the browser in almost
all situations, but it does not need to be added to the list of
"simple headers". Indeed, adding in there would an out right bad idea.
So I'm not convinced that the Last-Event-ID header needs to be in the
list.
We could add Host as authors cannot set that anyway. But what you say
makes sense. I will remove Last-Event-ID and add a note about how that
list works.
--
Anne van Kesteren
http://annevankesteren.nl/
