W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2009

Re: The HTTP Origin Header (draft-abarth-origin)

From: Bil Corry <bil@corry.biz>
Date: Sat, 24 Jan 2009 17:27:52 -0600
Message-ID: <497BA3F8.8010501@corry.biz>
To: ietf-http-wg@w3.org

Ian Hickson wrote on 1/24/2009 2:51 PM: 
> This solution would fail to satisfy the original use case of Origin, 
> namely to let the server in an XHR2 scenario know who the origin was so it 
> could make educated decisions about letting information out.

Doesn't XHR2 send the Origin header for GET?  That's prohibited by Adam's Origin draft, so either way, the Origin header discussed here will not exactly match the Origin header as provided by XHR2 via Access Control.


- Bil
Received on Saturday, 24 January 2009 23:28:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:00 GMT