Anne van Kesteren schrieb:
Hi,
I suggest we publish
http://dev.w3.org/cvsweb/~checkout~/2006/webapi/XMLHttpRequest/Overview.html?content-type=text/html;%20charset=utf-8
as Last Call Working Draft by next Monday. If you have any objections
please post them to the public list.
(Please remove the member list on follow-up e-mail.)
Cheers,
I think the spec needs to be carefully checked for usage of
RFC2119/BCP14 terminology. For instance
(<http://dev.w3.org/cvsweb/~checkout~/2006/webapi/XMLHttpRequest/Overview.html?content-type=text/html;%20charset=utf-8#dfn-setrequestheader>):
"For security reasons nothing SHOULD be done if the header argument
matches one of the following headers case-insensitively:"
I think I understand what the intent is, but maybe it should be
rephrased to:
"For security reasons, a server SHOULD ignore any attempt to modify any
of the headers below (header names being matched case-insensitively):"
Best regards, Julian
