On Wed, 8 Oct 2008, Adam Barth wrote: > > In some cases, XHR+AC will send an Origin header whose value is the > empty string. This asks server operators to distinguish between a > request that lacks an Origin header (like a same-site request) and a > request with an empty Origin header (say from a data URL), which might > be tricky in various languages like mod_security. Also, some proxies > might normalize empty headers away if they represent the non-existence > of a header with the empty string (as, for example, XMLHttpRequest > does). > > A previous version of the spec sent the literal string "null" in these > cases. It seems like this behavior is preferable. If we want to have > the same behavior as postMessage, we might be able to change its origin > property to use the string "null" in these cases too. HTML5 has now changed to do this, which I believe automatically fixes XHR+AC for you. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'Received on Monday, 20 October 2008 15:19:11 GMT
This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:28 GMT