Re: [cors] Should browsers send non-user-controllable headers in Access-Control-Request-Headers?

On 12/22/11 6:17 AM, Benson Margulies wrote: Jarred, along the lines of my question of 'what is a user header', what spec would one read to learn that lower-casing was correct? I looked for it and did not find it in the CORS draft. It's in both http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.h

Re: [cors] Should browsers send non-user-controllable headers in Access-Control-Request-Headers?

On Wed, Dec 21, 2011 at 10:38 PM, Jarred Nicholls wrote: > On Wed, Dec 21, 2011 at 9:16 PM, Benson Margulies > wrote: >> >> Chrome sends: >> >> Access-Control-Request-Headers:Origin, Content-Type, Accept >> >> Is that just wrong? >> > > The spec clearly says:  "author request headers: A list of h

Re: [cors] Should browsers send non-user-controllable headers in Access-Control-Request-Headers?

On Wed, Dec 21, 2011 at 9:16 PM, Benson Margulies wrote: > Chrome sends: > > Access-Control-Request-Headers:Origin, Content-Type, Accept > > Is that just wrong? > > The spec clearly says: "author request headers: A list of headers set by authors for the request. Empty, unless explicitly set." So

[cors] Should browsers send non-user-controllable headers in Access-Control-Request-Headers?

Chrome sends: Access-Control-Request-Headers:Origin, Content-Type, Accept Is that just wrong?