On Mon, 07 Apr 2008 21:18:03 +0200, Elias Sinderson <[EMAIL PROTECTED]> wrote:
Anne van Kesteren wrote:
I have updated the editor's draft of the Access Control for Cross-site Requests specification to include support for HTTP headers [...] Nothing else has changed because no other changes have been proposed.

Thanks for the update, much appreciated.
I see no mention of If-* headers and cannot recall there being reason provided to omit them (on-list, at least). Certainly being able to make conditional requests that would otherwise be allowed as non-conditional should be allowed?

They are allowed. Though even for GET requests they would require a preflight request first. Currently the only headers that are allowed without preflight (only GET requests can go without a preflight) are Accept and Accept-Language, based on earlier feedback from Ian Hickson. However, maybe we should simply remove those and always require a preflight request for a request with "custom" headers. Not sure.


--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
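
The rule described in this message, modelled as an added example (not part of the original email and not the specification's own algorithm): it compares the draft behaviour, where only Accept and Accept-Language may skip preflight on GET, with the floated alternative of always preflighting author-set headers. The function name `preflightDecision`, the policy labels `"draft"` and `"always"`, and the sample requests are assumptions made for illustration.

```javascript
// Added example: models the preflight rule as stated in the message above.
// HTTP header names are case-insensitive, so the allowlist is lower case.
const DRAFT_ALLOWLIST = new Set(["accept", "accept-language"]);

// policy "draft":  Accept and Accept-Language may go without preflight on GET.
// policy "always": the alternative floated in the message, where any
//                  author-set ("custom") header forces a preflight.
// Both policy names are hypothetical labels, not terms from the draft.
function preflightDecision(method, headers, policy = "draft") {
  const reasons = [];
  const verb = method.toUpperCase();
  if (verb !== "GET") {
    reasons.push(`method ${verb} is not GET`);
  }
  const allow = policy === "always" ? new Set() : DRAFT_ALLOWLIST;
  for (const name of Object.keys(headers)) {
    if (!allow.has(name.toLowerCase())) {
      reasons.push(`header ${name} is not allowed without preflight`);
    }
  }
  return { preflight: reasons.length > 0, reasons };
}

// Constructed sample requests (not taken from the thread).
const samples = [
  ["GET", { Accept: "text/html" }],
  ["GET", { "accept-LANGUAGE": "nl" }],
  ["GET", { "If-None-Match": '"abc"' }], // conditional GET: allowed, but preflighted
  ["GET", { "If-Modified-Since": "Mon, 07 Apr 2008 19:18:03 GMT" }],
  ["POST", {}],
];

for (const [method, headers] of samples) {
  for (const policy of ["draft", "always"]) {
    const d = preflightDecision(method, headers, policy);
    console.log(policy, method, JSON.stringify(headers),
      d.preflight ? "preflight: " + d.reasons.join("; ") : "no preflight");
  }
}
```

Under either policy the If-* headers trigger a preflight; the two policies differ only for Accept and Accept-Language.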
