3

Today, I wanted to utilize the Accept-Encoding header to request an image as base64. Come to find out, the XMLHttpRequest spec prevents setting that header!

http://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader()-method

Note: The above headers are controlled by the user agent to let it control those aspects of transport. This guarantees data integrity to some extent. Header names starting with Sec- are not allowed to be set to allow new headers to be minted that are guaranteed not to come from XMLHttpRequest.

Why in the world would they write a spec like this? It'd make more sense if the browser just provided a default value (eg. gzip,deflate,sdch) if none was specified.

4

2 回答 2

4

浏览器负责接受和处理响应。操纵您的 XHR 说它接受 gzip 是没有多大意义的,例如,当您无法对它做任何事情时。您可以设置自定义标头值吗?

于 2014-03-12T19:47:51.003 回答
0

他们到底为什么要编写这样的规范?

一言以蔽之:懒惰

为什么要为每个可能的标头添加额外的语义来描述安全的可预测浏览器行为,而这些标头只能由像我们这样的少数人使用,而他们可以在一个段落中声明所有禁止的标头。

于 2015-05-29T15:41:44.970 回答