On 22.02.2011 12:52, Anne van Kesteren wrote:
On Tue, 22 Feb 2011 03:28:00 +0100, Mark Nottingham <[email protected]> wrote:
The problems I brought up still stand, however. I think we need to
have a discussion about how much convenience the implementers really
need here, and also to look at the impact on the registration
procedure for HTTP headers.
This is not about convenience for implementors. This is about allowing
specifications to introduce headers that cannot be spoofed via
XMLHttpRequest.
It would be good if this could be rephrased as a general design
question, and specified in a way that it also applies in other contexts
(such as browser plugins doing HTTP, applets, Flash, Silverlight, whatnot).
BR, Julian
