W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2009

Re: Origin header for safe methods other than GET/HEAD, was: The HTTP Origin Header (draft-abarth-origin)

From: Adam Barth <w3c@adambarth.com>
Date: Fri, 23 Jan 2009 09:50:02 -0800
Message-ID: <7789133a0901230950oa8cf019s606fd2081039fd20@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Larry Masinter <LMM@acm.org>, Mark Nottingham <mnot@mnot.net>, ietf-http-wg@w3.org, Lisa Dusseault <ldusseault@commerce.net>

Done.

You can find the up-to-the-minute version of the draft at:

http://webblaze.cs.berkeley.edu/2009/origin/origin.txt

I'll upload new versions to IETF as appropriate.

Adam


On Fri, Jan 23, 2009 at 9:35 AM, Julian Reschke <julian.reschke@gmx.de> wrote:
> Adam Barth wrote:
>>
>> On Fri, Jan 23, 2009 at 12:30 AM, Julian Reschke <julian.reschke@gmx.de>
>> wrote:
>>>
>>>  Whenever a user agent issues an HTTP request whose method is neither
>>>  "GET" nor "HEAD", the user agent MUST include exactly one HTTP header
>>>  named "Origin".
>>>
>>> What about other safe methods, such as PROPFIND, REPORT or SEARCH?
>>> Shouldn't
>>> the spec just say:
>>>
>>>  Whenever a user agent issues an HTTP request whose method is not
>>>  known to be safe (see ...), the user agent MUST include exactly
>>>  one HTTP header named "Origin".
>>>
>>> ?
>>
>> Good point.  What should I cite as the authoritative list of safe methods?
>
> Just say "safe", reference RFC 2616, Section 9.1.1 for now. HTTPbis will
> introduce an IANA registry for HTTP methods, which contains the flag (see
> <http://tools.ietf.org/html/draft-ietf-httpbis-method-registrations-01>).
>
> BR, Julian
>
Received on Friday, 23 January 2009 17:50:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:00 GMT