[Webkit-unassigned] [Bug 63460] CORS should only deal with request headers set by script authors
bugzilla-daemon at webkit.org
Mon Aug 22 11:54:57 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=63460
--- Comment #19 from Alexey Proskuryakov <ap at webkit.org> 2011-08-22 11:54:56 PST ---
> It really doesn't matter how they are set if the request could do malicious things on the server which seems to be the real purpose of deciding whether to do a preflight request or not.
That's my thinking, too, but the current spec draft disagrees, only talking about how the headers are set.