HTTP Headers vs. link rel=

Evan Martin evan.martin at gmail.com
Tue May 24 09:05:18 PDT 2005


On 5/24/05, Paul Timmins <paul at timmins.net> wrote:
> On Mon, 2005-05-23 at 18:03 -0700, ydnar wrote:
> What's wrong with allowing an authentication server specified in the
> document to override a server header? That seems like a good way to
> override a bizarre host, while allowing a sitewide auth server if none
> are otherwise specified. This also allows it to be doctype agnostic if
> it wants to be.

It defeats part of Mart's argument: you can no longer use HEAD 'cause
you need the entire document just in case they overrode it in the
document.

I'm with Mart: if you can't trust your hosting provider, there's
something more wrong than just needing to override it in your HTML.


More information about the yadis mailing list