RE: HTTPbis and the Same Origin Policy

Is the "Origin" header generally agreed to be both necessary
and sufficient for same-origin-policy work to proceed?

Right now, HTML 5 continues to refer to the Origin header as
supporting the same-origin policy, and it seemed to me that
there was still some disagreement about whether it should
be retained.

The HTML issue is scheduled to be closed today (Dec 3) -- should it
remain open? Would anyone volunteer to write a "change proposal"
(re)moving "Origin header" from the HTML5 spec?


http://www.w3.org/html/wg/tracker/issues/63

Larry
--
http://larry.masinter.net

Received on Thursday, 3 December 2009 21:36:00 UTC