Morgan L wrote:
Hi, I'm writing about what appears to be an error in
the XHR TR.

In section 2 of,
it says that setRequestHeader should reject the
connection header.

However, there are web apps in existence (e.g., Gmail)
that set the "connection: close" header to inform the
user-agent that the HTTP transaction is going to take
a long time.  (This is also informative for the
server.)  This allows a user-agent to not count this
connection against the RFC 2616 recommended maximum of
2 persistent connections per host.

So, it seems to me that the arguments
setRequestHeader("connection", "close") should be

More details in this WebKit bug:

It looks like recent versions of WebKit and Gecko
block the "connection" request header per this TR. However, Firefox 2 does not.

We do block, but not because of this TR. IIRC there are security issues with other values for connection, though I don't specifically remember what they are. However setting something like "connection: keep-alive" when the browser is not expecting that could have bad effects on other connections to that server.

/ Jonas

Reply via email to