W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2009

Re: The HTTP Origin Header (draft-abarth-origin)

From: Adam Barth <w3c@adambarth.com>
Date: Thu, 22 Jan 2009 18:16:37 -0800
Message-ID: <7789133a0901221816n378aa797x918aaee26674ff6e@mail.gmail.com>
To: "William A. Rowe, Jr." <wrowe@rowe-clan.net>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, Larry Masinter <LMM@acm.org>, Mark Nottingham <mnot@mnot.net>, ietf-http-wg@w3.org, Lisa Dusseault <ldusseault@commerce.net>

On Thu, Jan 22, 2009 at 5:46 PM, William A. Rowe, Jr.
<wrowe@rowe-clan.net> wrote:
> If you really wanted to solve this programmaticly, you would add a specific
> hash or noonce to identify the origin to itself...

This design rules out common use cases such as berkeley.facebook.com
POSTing a request to www.facebook.com.

Adam
Received on Friday, 23 January 2009 02:17:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:00 GMT