On Tue, May 8, 2012 at 9:34 PM, Ian Melven <[email protected]> wrote: > i'd like to propose that the Do Not Track header (see > http://www.w3.org/TR/tracking-dnt/#dnt-header-field) "DNT" > be added to the list of request headers not allowed to be set via XHR's > setRequestHeader method (see > http://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#the-setrequestheader%28%29-method)
That shouldn't be a problem. I wonder, should we remove the "Sec-" handling? That was suggested at some point as we are special casing header naming, but it does not appear to be used. And given that updating this magic list is not really a big problem and browsers are updated quick enough maybe that is just as well. -- Anne — Opera Software http://annevankesteren.nl/ http://www.opera.com/
