Skip to content
Permalink
Browse files

Decide that parameters are ignored for the purposes of simple header

This gives XMLHttpRequest (and soon fetch()) a slight edge over <form>
submission, but since everyone has been doing this forever it is
hopefully okay.
  • Loading branch information
annevk committed Jun 27, 2014
1 parent d94f125 commit c5e67505d2badfc480d3d4e1f9eb7952ab496f34
Showing with 10 additions and 16 deletions.
  1. +5 −8 Overview.html
  2. +5 −8 Overview.src.html
@@ -274,15 +274,12 @@ <h4 id="terminology-headers"><span class="secno">2.1.2 </span>Headers</h4>
`<code title="">Accept-Language</code>`, and `<code title="">Content-Language</code>`, or whose
<a href="#concept-header-name" title="concept-header-name">name</a> is `<code title="">Content-Type</code>` and
<a href="#concept-header-value" title="concept-header-value">value</a>,
<a href="#concept-header-parse" title="concept-header-parse">once parsed</a>, is one of
`<code title="">application/x-www-form-urlencoded</code>`,
<a href="#concept-header-parse" title="concept-header-parse">once parsed</a>, has a MIME type (ignoring parameters)
that is one of `<code title="">application/x-www-form-urlencoded</code>`,
`<code title="">multipart/form-data</code>`, and `<code title="">text/plain</code>`.

<p class="XXX">What we never resolved in CORS was whether only certain
parameters should be allowed and how exactly the MIME type parsing would work. Hopefully
<a href="http://mimesniff.spec.whatwg.org/#parse-a-mime-type">parsing MIME types</a> will
solve this.
<!-- example if people ask: "Content-Type: text/html;" -->
<!-- XXX * needs better xref
* ignoring parameters has been the standard for a long time now
* interesting test: "Content-Type: text/plain;" -->

<p>A <dfn id="forbidden-header-name">forbidden header name</dfn> is a <a href="#concept-header" title="concept-header">header</a>
<a href="#concept-header-name" title="concept-header-name">name</a> that either is one of
@@ -231,15 +231,12 @@ <h4 id=terminology-headers>Headers</h4>
`<code title>Accept-Language</code>`, and `<code title>Content-Language</code>`, or whose
<span title=concept-header-name>name</span> is `<code title>Content-Type</code>` and
<span title=concept-header-value>value</span>,
<span title=concept-header-parse>once parsed</span>, is one of
`<code title>application/x-www-form-urlencoded</code>`,
<span title=concept-header-parse>once parsed</span>, has a MIME type (ignoring parameters)
that is one of `<code title>application/x-www-form-urlencoded</code>`,
`<code title>multipart/form-data</code>`, and `<code title>text/plain</code>`.

<p class=XXX>What we never resolved in CORS was whether only certain
parameters should be allowed and how exactly the MIME type parsing would work. Hopefully
<a href=http://mimesniff.spec.whatwg.org/#parse-a-mime-type>parsing MIME types</a> will
solve this.
<!-- example if people ask: "Content-Type: text/html;" -->
<!-- XXX * needs better xref
* ignoring parameters has been the standard for a long time now
* interesting test: "Content-Type: text/plain;" -->

<p>A <dfn>forbidden header name</dfn> is a <span title=concept-header>header</span>
<span title=concept-header-name>name</span> that either is one of

0 comments on commit c5e6750

Please sign in to comment.
You can’t perform that action at this time.