Devdatta wrote:
As for the "should CORS exist" discussion, I'll bow out of those until
we're starting to move towards officially adopting a WG decision one
way or another, or genuinely new information is provided which would
affect such a decision (for the record, I don't think I've seen any
new information provided since last fall's TPAC).
exactly -- I don't see this thread getting anywhere.
Vendors & Spec writers,
What would be really nice is if you gave us server admins, application
server-side developers and data publishers a say in this.
Thus I'll propose a new header:
Allow-XHR = "Allow-XHR" ":" Allow-XHR-v
Allow-XHR-v = "none" | "negotiate" | "all"
"none" defines no XHR access
"negotiate" defines the UA should negotiate CORS or UMP headers (leave
that up to you guys to decide what's best ;)
"all" defines that the UA should process the XHR request as a normal
client HTTP request leaving all information + headers intact.
Best,
Nathan
