[whatwg] HTTP request headers you can not set from JavaScript
Hallvord R M Steen
hallvors at gmail.com
Thu Dec 15 05:28:08 PST 2005
On http://whatwg.org/specs/web-apps/current-work/#scripted-http
The section on setRequestHeader isn't really clear on what headers a
JavaScript author is allowed to specify, particularly this:
> UAs may set the If-Modified-Since, If-None-Match, If-Range, and Range headers
> if the resource is cached and has not expired (as allowed by HTTP), and must
> not allow those headers to be overridden.
Can setRequestHeader override these headers if the resource isn't
cached, or if the method is one cacheing doesn't apply to (such as
POST)? I suggest deleting the stuff about cacheing ( - it's
implementation details subject to more logic that we can easily put
into this paragraph anyway - ) and saying
> UAs may set the If-Modified-Since, If-None-Match, If-Range, and Range headers.
> Scripts must not be allowed to override or add these headers.
..if that's the policy we want, that is :-p Run discussion..
--
Hallvord R. M. Steen
More information about the whatwg
mailing list