[Bug 9017] The origin argument should be used to determine whether Referer is to be omitted for XMLHttpRequest. I'm not a 100% sure at the moment when that would matter, but it seems safer.

http://www.w3.org/Bugs/Public/show_bug.cgi?id=9017


Ian 'Hixie' Hickson <ian@hixie.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX




--- Comment #1 from Ian 'Hixie' Hickson <ian@hixie.ch>  2010-02-23 01:54:23 ---
EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are
satisfied with this response, please change the state of this bug to CLOSED. If
you have additional information and would like the editor to reconsider, please
reopen this bug. If you would like to escalate the issue to the full HTML
Working Group, please add the TrackerRequest keyword to this bug, and suggest
title and text for the tracker issue; or you may create a tracker issue
yourself, if you are able to do so. For more details, see this document:
   http://dev.w3.org/html5/decision-policy/decision-policy.html

Status: Rejected
Change Description: no spec change
Rationale: It's not safer, it's wrong. :-) The 'origin' parameter is only used
for deciding if there should be an Origin header, as part of the origin privacy
stuff.


-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Tuesday, 23 February 2010 01:54:28 UTC