On Feb 13, 2007, at 8:11 AM, Julian Reschke wrote:
Anne van Kesteren schrieb:
On Tue, 13 Feb 2007 16:59:12 +0100, Julian Reschke
<[EMAIL PROTECTED]> wrote:
I think the spec needs to be carefully checked for usage of
RFC2119/BCP14 terminology. For instance (<http://dev.w3.org/
cvsweb/~checkout~/2006/webapi/XMLHttpRequest/Overview.html?
content-type=text/html;%20charset=utf-8#dfn-setrequestheader>):
"For security reasons nothing SHOULD be done if the header
argument matches one of the following headers case-insensitively:"
I think I understand what the intent is, but maybe it should be
rephrased to:
"For security reasons, a server SHOULD ignore any attempt to
modify any of the headers below (header names being matched case-
insensitively):"
I don't understand this suggestion. Are you sure you understand
what the section is about?
Yes. The problem is the spec saying "...nothing SHOULD be done...".
I think it's better to be explicit what the implementation should
do (in this case, ignore the method call).
I agree that using active voice is better than using passive voice,
but there are no requirements being imposed on the server here
(wouldn't make sense for XMLHttpRequest to do that).
- Maciej
