ISSUE-90: Exposing more (~infinite) response headers [CORS] from Web Applications Working Group Issue Tracker on 2009-06-16 (public-webapps@w3.org from April to June 2009)

From: Web Applications Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Tue, 16 Jun 2009 14:18:25 +0000 (GMT)
To: public-webapps@w3.org
Message-Id: <20090616141825.C635C4DD6C@crusher.w3.org>

ISSUE-90: Exposing more (~infinite) response headers [CORS]

http://www.w3.org/2008/webapps/track/issues/90

Raised by: Anne van Kesteren
On product: CORS

In

  http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0967.html

Mark Nottingham comments on the asymmetry of exposing the body of the response but only a tiny subset of the headers. He argues for

 * Expanding this whitelist and
 * Giving responses of resources a way to indicate which headers are ok to expose

or

 * Turning it into a blacklist

He indicated he was not satisfied deferring this issue to CORS2 and considers it a showstopper for CORS1.

Received on Tuesday, 16 June 2009 14:18:32 UTC