W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

RE: HTTPbis and the Same Origin Policy

From: Larry Masinter <masinter@adobe.com>
Date: Thu, 3 Dec 2009 13:35:23 -0800
To: "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <8B62A039C620904E92F1233570534C9B0118DC9ECD14@nambx04.corp.adobe.com>
Is the "Origin" header generally agreed to be both necessary
and sufficient for same-origin-policy work to proceed?

Right now, HTML 5 continues to refer to the Origin header as
supporting the same-origin policy, and it seemed to me that
there was still some disagreement about whether it should
be retained.

The HTML issue is scheduled to be closed today (Dec 3) -- should it
remain open? Would anyone volunteer to write a "change proposal"
(re)moving "Origin header" from the HTML5 spec?


http://www.w3.org/html/wg/tracker/issues/63

Larry
--
http://larry.masinter.net
Received on Thursday, 3 December 2009 21:36:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT