W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2009

Re: The HTTP Origin Header (draft-abarth-origin)

From: Adam Barth <w3c@adambarth.com>
Date: Sat, 24 Jan 2009 15:31:05 -0800
Message-ID: <7789133a0901241531l27cf2b1cy322a0e909b4a2e04@mail.gmail.com>
To: Bil Corry <bil@corry.biz>
Cc: ietf-http-wg@w3.org 

On Sat, Jan 24, 2009 at 3:27 PM, Bil Corry <bil@corry.biz> wrote:
> Doesn't XHR2 send the Origin header for GET?  That's prohibited by Adam's Origin draft,

That is not prohibited by the draft.  The draft has only positive
requirements on sending the Origin header.

> so either way, the Origin header discussed here will not exactly match the Origin header as provided by XHR2 via Access Control.

One of our goals is to have the Origin header used by XHR2 via Access
Control comply with the requirements of this draft.

Adam
Received on Saturday, 24 January 2009 23:31:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:38:35 GMT