- From: Adam Barth <w3c@adambarth.com>
- Date: Fri, 23 Jan 2009 09:50:02 -0800
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Larry Masinter <LMM@acm.org>, Mark Nottingham <mnot@mnot.net>, ietf-http-wg@w3.org, Lisa Dusseault <ldusseault@commerce.net>
Done. You can find the up-to-the-minute version of the draft at: http://webblaze.cs.berkeley.edu/2009/origin/origin.txt I'll upload new versions to IETF as appropriate. Adam On Fri, Jan 23, 2009 at 9:35 AM, Julian Reschke <julian.reschke@gmx.de> wrote: > Adam Barth wrote: >> >> On Fri, Jan 23, 2009 at 12:30 AM, Julian Reschke <julian.reschke@gmx.de> >> wrote: >>> >>> Whenever a user agent issues an HTTP request whose method is neither >>> "GET" nor "HEAD", the user agent MUST include exactly one HTTP header >>> named "Origin". >>> >>> What about other safe methods, such as PROPFIND, REPORT or SEARCH? >>> Shouldn't >>> the spec just say: >>> >>> Whenever a user agent issues an HTTP request whose method is not >>> known to be safe (see ...), the user agent MUST include exactly >>> one HTTP header named "Origin". >>> >>> ? >> >> Good point. What should I cite as the authoritative list of safe methods? > > Just say "safe", reference RFC 2616, Section 9.1.1 for now. HTTPbis will > introduce an IANA registry for HTTP methods, which contains the flag (see > <http://tools.ietf.org/html/draft-ietf-httpbis-method-registrations-01>). > > BR, Julian >
Received on Friday, 23 January 2009 17:50:45 UTC