[whatwg] headers for XMLHttpRequests

Hallvord Reiar Michaelsen Steen hallvord at hallvord.com
Mon Jun 20 06:52:37 PDT 2005

Commenting on 

  > User agents must not set any headers other than the
  > headers set by the author using this method, with the
  > following exceptions:

That paragraph means it is against the specification to send other 
headers than those in the list and those set with setRequestHeader 
with an XMLHttpRequest. Headers like "Accept", "Accept-Language", 
"Referer" are not mentioned in the list and thus illegal.

I'm not sure why we disallow normal headers at all.

Accept-Language should be allowed, or do we expect that every app 
using content-negotiation for language choice looks at 
navigator.language or something to set the header manually?

For form posts, Content-Length is obviously required.

I was also surprised that referer is omitted, but I suppose it's 
pretty useless anyway. 

If we want the "blanket disallow with exceptions" approach in the 
spec, are there other headers we should allow?

Would it be better if the spec just stated what headers could be 
overridden or appended to? Basically we would have three categories: 
untouchable, override and append (depending on whether the header 
value can be a comma-separated list or not).
Hallvord Reiar Michaelsen Steen

More information about the whatwg mailing list