Web Applications Working Group Issue Tracker wrote:
ISSUE-24 (Allow List Scope): Which headers should be allowed in the Allow List?
[Access Control]
http://www.w3.org/2008/webapps/track/issues/
Raised by: Doug Schepers
On product: Access Control
What is the full range of headers that should be allowed in AC? What is the
process to add them?
To be specific, this is about which headers are in the white-list of
headers that do not need preflight checking for GET requests. Currently
the list is only:
Accept
Accept-Language
but we might want to add more. However note that any other header can be
sent, but requires explicit opt-in from the server.
/ Jonas
