W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2009

Re: Origin header for safe methods other than GET/HEAD, was: The HTTP Origin Header (draft-abarth-origin)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 23 Jan 2009 18:35:20 +0100
Message-ID: <4979FFD8.6030501@gmx.de>
To: Adam Barth <w3c@adambarth.com>
CC: Larry Masinter <LMM@acm.org>, Mark Nottingham <mnot@mnot.net>, ietf-http-wg@w3.org, Lisa Dusseault <ldusseault@commerce.net>

Adam Barth wrote:
> On Fri, Jan 23, 2009 at 12:30 AM, Julian Reschke <julian.reschke@gmx.de> wrote:
>>   Whenever a user agent issues an HTTP request whose method is neither
>>   "GET" nor "HEAD", the user agent MUST include exactly one HTTP header
>>   named "Origin".
>>
>> What about other safe methods, such as PROPFIND, REPORT or SEARCH? Shouldn't
>> the spec just say:
>>
>>   Whenever a user agent issues an HTTP request whose method is not
>>   known to be safe (see ...), the user agent MUST include exactly
>>   one HTTP header named "Origin".
>>
>> ?
> 
> Good point.  What should I cite as the authoritative list of safe methods?

Just say "safe", reference RFC 2616, Section 9.1.1 for now. HTTPbis will 
introduce an IANA registry for HTTP methods, which contains the flag 
(see 
<http://tools.ietf.org/html/draft-ietf-httpbis-method-registrations-01>).

BR, Julian
Received on Friday, 23 January 2009 17:36:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:00 GMT