Origin header for safe methods other than GET/HEAD, was: The HTTP Origin Header (draft-abarth-origin)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 23 Jan 2009 09:30:49 +0100
Message-ID: <49798039.90201@gmx.de>
To: Larry Masinter <LMM@acm.org>
CC: 'Mark Nottingham' <mnot@mnot.net>, ietf-http-wg@w3.org, 'Lisa Dusseault' <ldusseault@commerce.net>

Hi,

looking at <http://tools.ietf.org/html/draft-abarth-origin-00#section-5>:

    Whenever a user agent issues an HTTP request whose method is neither
    "GET" nor "HEAD", the user agent MUST include exactly one HTTP header
    named "Origin".

What about other safe methods, such as PROPFIND, REPORT or SEARCH? 
Shouldn't the spec just say:

    Whenever a user agent issues an HTTP request whose method is not
    known to be safe (see ...), the user agent MUST include exactly
    one HTTP header named "Origin".

?

BR, Julian (always nervous when definitions refer to a certain set of 
named methods)
Received on Friday, 23 January 2009 08:46:43 GMT