W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2009

Re: The HTTP Origin Header (draft-abarth-origin)

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 23 Jan 2009 10:53:47 +1100
Cc: <ietf-http-wg@w3.org>, "'Lisa Dusseault'" <ldusseault@commerce.net>
Message-Id: <E503380A-1482-4914-A439-58F08BA8F9E1@mnot.net>
To: Larry Masinter <LMM@acm.org>

Hi Larry,

As I responded to Ian, I think here is at least as appropriate as  
elsewhere.

Cheers,


On 23/01/2009, at 4:33 AM, Larry Masinter wrote:

> The document  http://tools.ietf.org/html/draft-abarth-origin
> proposes a new HTTP header and rules for its use as a way of  
> addressing
> Cross-Site Request Forgery (CSRF) attacks. This was part of the
> HTML5 work in WhatWG and W3C HTML working group.
>
> Is there's a better venue for discussion of this draft
> than ietf-http-wg@w3.org?
>
>
>
> Larry
> -- 
> http://larry.masinter.net
>
>
>
>
>


--
Mark Nottingham     http://www.mnot.net/
Received on Thursday, 22 January 2009 23:54:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:00 GMT