[Webkit-unassigned] [Bug 63460] New: CORS should only deal with request headers set by script authors
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jun 27 08:46:41 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=63460
Summary: CORS should only deal with request headers set by
script authors
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: per-erik.brodin at ericsson.com
CC: ap at webkit.org, abarth at webkit.org
The CORS specification has recently been updated to clarify that only request headers set by script authors, "author request headers", should be matched against the list of simple headers and sent in Access-Control-Request-Headers in preflight requests, etc. All headers set by XHR are explicitly or implicitly set by authors, but in EventSource there are no author set headers but rather two request headers set by the implementation, Cache-Control and Last-Event-ID.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list