W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2009

Re: Coming to a conclusion on draft-abarth-origin

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 25 Feb 2009 19:43:51 -0800
Message-ID: <7789133a0902251943r7804a43awf0595943b6c820dd@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Thanks for your feedback on draft-abarth-origin-00.  Your feedback has
been very helpful.

On Wed, Feb 25, 2009 at 5:23 PM, Mark Nottingham <mnot@mnot.net> wrote:
> Also, I now you were working on a
> draft -01; if you still intend to publish it, we will of course be happy to
> provide feedback.

This draft is based on feedback from this list and from browser
implementers.  If I do publish a -01 draft, I'll certainly welcome
additional feedback.

I'm quite interested in the idea of recommending or requiring that
user agents always send a Referer header (and letting them send the
value "null" if they have nothing better to send).  This design has
the distinct advantage of protecting Web sites that currently
implement lenient Referer validation.  My plan is to float this idea
with some browser security folks and see if they'd be willing to
implement it.

Adam
Received on Thursday, 26 February 2009 03:44:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:01 GMT