W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2009

Re: The HTTP Origin Header (draft-abarth-origin)

From: Roy T. Fielding <fielding@gbiv.com>
Date: Thu, 22 Jan 2009 17:16:21 -0800
Message-Id: <23F5B011-DD05-43DC-A69C-F20763BC8FD4@gbiv.com>
Cc: Larry Masinter <LMM@acm.org>, <ietf-http-wg@w3.org>, "'Lisa Dusseault'" <ldusseault@commerce.net>
To: Mark Nottingham <mnot@mnot.net>

On Jan 22, 2009, at 4:55 PM, Mark Nottingham wrote:

> Ah, I missed the clause "where it is currently not set at all."
>
> Why would even that change be necessary? AIUI browsers sent no  
> value when the request wasn't sourced from a particular HTTP URI;  
> that's information that's valuable to the server (as Adrien points  
> out).

Er, right, I should have limited it to the https case where
nothing is sent for (what I've always considered bogus)
privacy reasons.

....Roy
Received on Friday, 23 January 2009 01:16:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:00 GMT