In some cases, XHR+AC will send an Origin header whose value is the empty string. This asks server operators to distinguish between a request that lacks an Origin header (like a same-site request) and a request with an empty Origin header (say from a data URL), which might be tricky in various languages like mod_security. Also, some proxies might normalize empty headers away if they represent the non-existence of a header with the empty string (as, for example, XMLHttpRequest does). A previous version of the spec sent the literal string "null" in these cases. It seems like this behavior is preferable. If we want to have the same behavior as postMessage, we might be able to change its origin property to use the string "null" in these cases too. AdamReceived on Thursday, 9 October 2008 01:05:55 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:01 GMT