W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2009

The HTTP Origin Header (draft-abarth-origin)

From: Larry Masinter <LMM@acm.org>
Date: Thu, 22 Jan 2009 09:33:13 -0800
To: "'Mark Nottingham'" <mnot@mnot.net>
Cc: <ietf-http-wg@w3.org>, "'Lisa Dusseault'" <ldusseault@commerce.net>
Message-ID: <001701c97cb7$807488b0$815d9a10$@org>

The document  http://tools.ietf.org/html/draft-abarth-origin
proposes a new HTTP header and rules for its use as a way of addressing
Cross-Site Request Forgery (CSRF) attacks. This was part of the
HTML5 work in WhatWG and W3C HTML working group.

Is there's a better venue for discussion of this draft
than ietf-http-wg@w3.org?



Larry
-- 
http://larry.masinter.net



 
Received on Thursday, 22 January 2009 17:33:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:00 GMT