Re: Do we need to rename the Origin header?

On Tue, Apr 7, 2009 at 10:24 AM, Bil Corry <bil@corry.biz> wrote:
> How set in stone is Origin within CORS?

I don't think we want to impede CORS with these issues.  CORS is quite
close to shipping in a number of implementations.  I certainly don't
want to hold it hostage.

> The ideal scenario would be to merge all the various proposed Origin specifications into one that is well thought out and handles the bulk of the use cases.

Given infinite time, I agree.  However, there is tremendous value in
shipping CORS sooner rather than later.

> At this point, I'm aware of four Origin descriptions, are there any others?
>
>        CORS:  http://www.w3.org/TR/cors/#origin-header

>        HTML5: http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#navigate-fragid-step
>        Barth: http://www.ietf.org/internet-drafts/draft-abarth-origin-00.txt

These two, at least, are the same.  We separated the XXX-Origin bit
from the HTML 5 spec because folks from the IETF were interested in
reviewing it separately from HTML 5.

>        Moz:   https://wiki.mozilla.org/Security/Origin

Adam

Received on Tuesday, 7 April 2009 21:37:47 UTC