W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2009

Re: Comments on the HTTP Sec-From Header (draft-abarth-origin)

From: Adam Barth <w3c@adambarth.com>
Date: Fri, 31 Jul 2009 12:57:44 -0700
Message-ID: <7789133a0907311257v15789310x66ceeaa607b07413@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, "collinj@cs.stanford.edu" <collinj@cs.stanford.edu>, HTTP Working Group <ietf-http-wg@w3.org>
On Wed, Jul 22, 2009 at 11:04 PM, Ian Hickson<ian@hixie.ch> wrote:
> I think that relying on sites to handle multiple headers correctly
> (especially when in the common case there will only be one) is asking for
> trouble. I know that they'd be breaking the spec if they didn't, but that
> isn't going to be any consolation when they get tricked.

On Wed, Jul 22, 2009 at 11:06 PM, Mark Nottingham<mnot@mnot.net> wrote:
> If they're using CGI or pretty much any Web framework, it'll be done for
> them automatically. This is actually very well-implemented.

I've relied upon Mark's email above and modified the spec to use
commas to delimit serialized origins.  However, I'm willing to reverse
this decision if new evidence comes to light regarding how well
supported this syntax actually is.

Adam
Received on Friday, 31 July 2009 19:58:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:08 GMT