W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2009

Re: CORS redirect behavior proposal

From: Adam Barth <w3c@adambarth.com>
Date: Thu, 24 Sep 2009 16:22:34 -0700
Message-ID: <7789133a0909241622k225b52a9y9dca32a3ace0cad1@mail.gmail.com>
To: Anne van Kesteren <annevk@opera.com>
Cc: Collin Jackson <collin@collinjackson.com>, Mark Nottingham <mnot@mnot.net>, Ian Hickson <ian@hixie.ch>, HTTP Working Group <ietf-http-wg@w3.org>, public-webapps@w3.org, Tyler Close <tyler.close@gmail.com> 
On Thu, Sep 24, 2009 at 9:00 AM, Anne van Kesteren <annevk@opera.com> wrote:
> I have now specified the approach we discussed:
>
>  http://dev.w3.org/2006/waf/access-control/
>
> For simple requests redirects are followed. For other cross-origin requests
> they are the equivalent of a network error. The Origin header is a
> U+0020-separated list of origins. Each time a redirect takes place an origin
> is added to the origin chain if it is not the same as the last origin that
> was added. The Access-Control-Allow-Origin header needs to be identical to
> the value of the Origin header, octet-for-octet.
>
> Let me know if I missed anything or if the draft is unclear.

I've updated draft-abarth-origin to match (and switched the header
name back from Sec-From to Origin):

http://www.ietf.org/id/draft-abarth-origin-03.txt

Thanks,
Adam
Received on Thursday, 24 September 2009 23:23:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:38:39 GMT