[whatwg] HTTP request headers you can not set from JavaScript

Hallvord R M Steen hallvors at gmail.com
Thu Dec 15 05:28:08 PST 2005


On http://whatwg.org/specs/web-apps/current-work/#scripted-http

The section on setRequestHeader isn't really clear on what headers a
JavaScript author is allowed to specify, particularly this:

> UAs may set the If-Modified-Since, If-None-Match, If-Range, and Range headers
> if the resource is cached and has not expired (as allowed by HTTP), and must
> not allow those headers to be overridden.

Can setRequestHeader override these headers if the resource isn't
cached, or if the method is one cacheing doesn't apply to (such as
POST)? I suggest deleting the stuff about cacheing ( - it's
implementation details subject to more logic that we can easily put
into this paragraph anyway - ) and saying

> UAs may set the If-Modified-Since, If-None-Match, If-Range, and Range headers.
> Scripts must not be allowed to override or add these headers.

..if that's the policy we want, that is :-p Run discussion..
--
Hallvord R. M. Steen



More information about the whatwg mailing list