[whatwg] headers for XMLHttpRequests
Hallvord Reiar Michaelsen Steen
hallvord at hallvord.com
Mon Jun 20 06:52:37 PDT 2005
Commenting on
http://www.whatwg.org/specs/web-apps/current-work/#setrequestheader

> User agents must not set any headers other than the
> headers set by the author using this method, with the
> following exceptions:

That paragraph means it is against the specification to send other
headers than those in the list and those set with setRequestHeader
with an XMLHttpRequest. Headers like "Accept", "Accept-Language",
"Referer" are not mentioned in the list and thus illegal.

I'm not sure why we disallow normal headers at all.

Accept-Language should be allowed, or do we expect that every app
using content-negotiation for language choice looks at
navigator.language or something to set the header manually?

For form posts, Content-Length is obviously required.

I was also surprised that referer is omitted, but I suppose it's
pretty useless anyway.

If we want the "blanket disallow with exceptions" approach in the
spec, are there other headers we should allow?

Would it be better if the spec just stated what headers could be
overridden or appended to? Basically we would have three categories:
untouchable, override and append (depending on whether the header
value can be a comma-separated list or not).

--
Hallvord Reiar Michaelsen Steen
http://www.hallvord.com/
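
The three-category scheme proposed in the message above (untouchable, override, append), sketched as an added example that is not part of the original message or of the specification. Which header falls in which category, the treatment of unlisted headers, and the name `mergeRequestHeaders` are assumptions made for illustration.

```javascript
// Assumed category membership; the message names the categories only.
const CATEGORY = new Map([
  ['content-length', 'untouchable'],  // computed by the user agent from the body
  ['referer', 'untouchable'],
  ['if-modified-since', 'override'],  // single-valued header
  ['accept', 'append'],               // value is a comma-separated list
  ['accept-language', 'append'],
]);

// uaDefaults: headers the user agent would send on its own.
// authorCalls: [name, value] pairs in the order setRequestHeader was called.
function mergeRequestHeaders(uaDefaults, authorCalls) {
  const headers = new Map();
  for (const [name, value] of Object.entries(uaDefaults)) {
    headers.set(name.toLowerCase(), String(value));
  }
  const rejected = [];
  for (const [rawName, rawValue] of authorCalls) {
    const name = String(rawName).toLowerCase();
    const value = String(rawValue);
    // A CR or LF would start a new header line, so such input is refused,
    // as is any name that is not a plain HTTP token.
    if (/[\r\n]/.test(name + value) || !/^[!#$%&'*+.^_`|~0-9a-z-]+$/.test(name)) {
      rejected.push(name);
      continue;
    }
    // Assumption: a header in no category is author-defined and acts as "override".
    const category = CATEGORY.get(name) || 'override';
    if (category === 'untouchable') {
      rejected.push(name);            // the user agent's value stays as it is
    } else if (category === 'append' && headers.has(name)) {
      headers.set(name, headers.get(name) + ', ' + value);
    } else {
      headers.set(name, value);       // override, or first value of a list header
    }
  }
  return { headers: Object.fromEntries(headers), rejected };
}
```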