On Apr 06, 2006, at 10:46, Jim Ley wrote:
"Mark Nottingham" <[EMAIL PROTECTED]>
It seems a *little* draconian to not allow the user to control If-
Modified-Since, If-None-Match and If-Range. Range should
definitely be available to users; somebody might know what
they're doing. :)
Definately this is required, I though this was already agreed
actually...
It was agreed, it just didn't make it into the draft somehow.
The Referer header MUST be set, and MUST NOT be overridable; once
cross-site XHR is available, sites will want to use it for
security, logging, etc.
I don't agree with this, a user agent MUST be allowed to anonymise
browsing, tracking users is not a suitable reason for changing this
behaviour.
Agreed, people using Referer for security should be transferred to
another department. It should definitely be possible to remove it.
--
Robin Berjon
Senior Research Scientist
Expway, http://expway.com/
