On Mon, 23 Jul 2007 10:46:07 +0200, Jonas Sicking <[EMAIL PROTECTED]> wrote:
[...]
Oh, I was going to add to this. I plan on allowing "Accept" and
"Accept-Language" to be set even for cross-site requests. Are there
other headers that people think would be useful and safe to allow?
I added this to the specification now:
http://dev.w3.org/2006/webapi/XMLHttpRequest-2/
(setRequestHeader() has a note to that effect and the send() algorithm
enforces it.)
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
