W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2009

Re: Origin header for safe methods other than GET/HEAD, was: The HTTP Origin Header (draft-abarth-origin)

From: Adam Barth <w3c@adambarth.com>
Date: Fri, 23 Jan 2009 09:14:54 -0800
Message-ID: <7789133a0901230914u7b1c23adi7c6d96d2002fd3bd@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Larry Masinter <LMM@acm.org>, Mark Nottingham <mnot@mnot.net>, ietf-http-wg@w3.org, Lisa Dusseault <ldusseault@commerce.net> 

On Fri, Jan 23, 2009 at 12:30 AM, Julian Reschke <julian.reschke@gmx.de> wrote:
>   Whenever a user agent issues an HTTP request whose method is neither
>   "GET" nor "HEAD", the user agent MUST include exactly one HTTP header
>   named "Origin".
>
> What about other safe methods, such as PROPFIND, REPORT or SEARCH? Shouldn't
> the spec just say:
>
>   Whenever a user agent issues an HTTP request whose method is not
>   known to be safe (see ...), the user agent MUST include exactly
>   one HTTP header named "Origin".
>
> ?

Good point.  What should I cite as the authoritative list of safe methods?

Thanks for your feedback,
Adam
Received on Friday, 23 January 2009 17:15:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:38:35 GMT