W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: Do we need to rename the Origin header?

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 6 Apr 2009 13:05:23 -0700
Message-ID: <7789133a0904061305l7a934fe0pa50d27b61e1f1a7c@mail.gmail.com>
To: Bil Corry <bil@corry.biz>
Cc: Thomas Roessler <tlr@w3.org>, Jonas Sicking <jonas@sicking.cc>, Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, public-webapps@w3.org, Maciej Stachowiak <mjs@apple.com>, Sam Weinig <weinig@apple.com>

On Mon, Apr 6, 2009 at 8:01 AM, Bil Corry <bil@corry.biz> wrote:
> Nevermind, I forgot that Adam conceded to changing his original Origin spec to match the redirect behavior in CORS, and reading through his draft, I see the change has been made to make them compatible.

Yes.  This is not ideal from a CSRF mitigation point of view, but it
is workable.

Adam

Received on Monday, 6 April 2009 20:06:14 GMT

This message: [ Message body ]
Next message: Brandon Sterne: "Re: Do we need to rename the Origin header?"
Previous message: Adam Barth: "Re: Do we need to rename the Origin header?"
In reply to: Bil Corry: "Re: Do we need to rename the Origin header?"
Next in thread: Adam Barth: "Re: Do we need to rename the Origin header?"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:10 GMT