Re: [cors] Should browsers send non-user-controllable headers in Access-Control-Request-Headers?
On Wed, Dec 21, 2011 at 10:38 PM, Jarred Nicholls jar...@webkit.org wrote: On Wed, Dec 21, 2011 at 9:16 PM, Benson Margulies bimargul...@gmail.com wrote: Chrome sends: Access-Control-Request-Headers:Origin, Content-Type, Accept Is that just wrong? The spec clearly says: author request headers: A list of headers set by authors for the request. Empty, unless explicitly set. So WebKit (something missing)? For me, Chrome 16 sends Origin + all_my_specified_headers, so Chrome is behaving incorrectly. Safari 5.1.2 behaves correctly (though the header list is not lowercased), and Firefox behaves correctly. Jarred, along the lines of my question of 'what is a user header', what spec would one read to learn that lower-casing was correct? I looked for it and did not find it in the CORS draft.
Re: [cors] Should browsers send non-user-controllable headers in Access-Control-Request-Headers?
On 12/22/11 6:17 AM, Benson Margulies wrote: Jarred, along the lines of my question of 'what is a user header', what spec would one read to learn that lower-casing was correct? I looked for it and did not find it in the CORS draft. It's in both http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html and in http://www.w3.org/TR/2010/WD-cors-20100727/ (this last is the current TR version). Just search for lowercase. -Boris
[cors] Should browsers send non-user-controllable headers in Access-Control-Request-Headers?
Chrome sends: Access-Control-Request-Headers:Origin, Content-Type, Accept Is that just wrong?
Re: [cors] Should browsers send non-user-controllable headers in Access-Control-Request-Headers?
On Wed, Dec 21, 2011 at 9:16 PM, Benson Margulies bimargul...@gmail.comwrote: Chrome sends: Access-Control-Request-Headers:Origin, Content-Type, Accept Is that just wrong? The spec clearly says: author request headers: A list of headers set by authors for the request. Empty, unless explicitly set. So WebKit For me, Chrome 16 sends Origin + all_my_specified_headers, so Chrome is behaving incorrectly. Safari 5.1.2 behaves correctly (though the header list is not lowercased), and Firefox behaves correctly.