W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: Do we need to rename the Origin header?

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 6 Apr 2009 13:05:23 -0700
Message-ID: <7789133a0904061305l7a934fe0pa50d27b61e1f1a7c@mail.gmail.com>
To: Bil Corry <bil@corry.biz>
Cc: Thomas Roessler <tlr@w3.org>, Jonas Sicking <jonas@sicking.cc>, Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, public-webapps@w3.org, Maciej Stachowiak <mjs@apple.com>, Sam Weinig <weinig@apple.com>
On Mon, Apr 6, 2009 at 8:01 AM, Bil Corry <bil@corry.biz> wrote:
> Nevermind, I forgot that Adam conceded to changing his original Origin spec to match the redirect behavior in CORS, and reading through his draft, I see the change has been made to make them compatible.

Yes.  This is not ideal from a CSRF mitigation point of view, but it
is workable.

Adam
Received on Monday, 6 April 2009 20:06:14 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT