ISSUE-90: Exposing more (~infinite) response headers
Exposing more (~infinite) response headers
- State:
- CLOSED
- Product:
- HISTORICAL: CORS [this spec uses Bugzilla for Bug/Issue tracking http://tinyurl.com/Bugz-CORS]
- Raised by:
- Anne van Kesteren
- Opened on:
- 2009-06-16
- Description:
- In
http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0967.html
Mark Nottingham comments on the asymmetry of exposing the body of the response but only a tiny subset of the headers. He argues for
* Expanding this whitelist and
* Giving responses of resources a way to indicate which headers are ok to expose
or
* Turning it into a blacklist
He indicated he was not satisfied deferring this issue to CORS2 and considers it a showstopper for CORS1. - Related Actions Items:
- No related actions
- Related emails:
- Re: ISSUE-90: Exposing more (~infinite) response headers [CORS] (from nathan@webr3.org on 2010-06-15)
- Re: ISSUE-90: Exposing more (~infinite) response headers [CORS] (from annevk@opera.com on 2010-06-15)
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from mjs@apple.com on 2010-04-19)
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from jonas@sicking.cc on 2010-04-19)
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from tyler.close@gmail.com on 2010-04-19)
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from jonas@sicking.cc on 2010-04-19)
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from mjs@apple.com on 2010-04-19)
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from tyler.close@gmail.com on 2010-04-19)
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from benl@google.com on 2010-04-18)
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from julian.reschke@gmx.de on 2010-04-18)
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from tyler.close@gmail.com on 2010-04-14)
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from tyler.close@gmail.com on 2010-04-14)
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from tyler.close@gmail.com on 2010-04-14)
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from tyler.close@gmail.com on 2010-04-08)
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from Art.Barstow@nokia.com on 2010-04-08)
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from annevk@opera.com on 2010-04-07)
- CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from art.barstow@nokia.com on 2010-04-07)
- Re: [cors] update (oct5) (from art.barstow@nokia.com on 2009-10-05)
- Re: [cors] Comments on 17 March 2009 (from annevk@opera.com on 2009-09-23)
- Re: [cors] Review (from annevk@opera.com on 2009-06-16)
- ISSUE-90: Exposing more (~infinite) response headers [CORS] (from sysbot+tracker@w3.org on 2009-06-16)
Related notes:
Closing per June 15 2010 email.
Anne van Kesteren, 15 Jun 2010, 08:20:57Display change log