On Tue, 08 Apr 2008 19:30:42 +0200, Jonas Sicking <[EMAIL PROTECTED]> wrote:
I'd wonder what the purprose of this is? I.e. what's the usecase?
The main use case for not restricting headers too much is that it gives more consistency with same-origin requests. This presumably allows the same kind of scenarios that nowadays happen same-origin to be done non same-origin.
We don't want to allow access to cookie and authentication headers, right?
Right.
Are you sure there are not anything else like it as well that authors won't unintentionally expose?
That's what I'm asking for, I suppose. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
