- From: Adam Barth <w3c@adambarth.com>
- Date: Wed, 25 Feb 2009 19:43:51 -0800
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Thanks for your feedback on draft-abarth-origin-00. Your feedback has been very helpful. On Wed, Feb 25, 2009 at 5:23 PM, Mark Nottingham <mnot@mnot.net> wrote: > Also, I now you were working on a > draft -01; if you still intend to publish it, we will of course be happy to > provide feedback. This draft is based on feedback from this list and from browser implementers. If I do publish a -01 draft, I'll certainly welcome additional feedback. I'm quite interested in the idea of recommending or requiring that user agents always send a Referer header (and letting them send the value "null" if they have nothing better to send). This design has the distinct advantage of protecting Web sites that currently implement lenient Referer validation. My plan is to float this idea with some browser security folks and see if they'd be willing to implement it. Adam
Received on Thursday, 26 February 2009 03:44:31 UTC