W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: Do we need to rename the Origin header?

From: Adam Barth <w3c@adambarth.com>
Date: Tue, 7 Apr 2009 14:36:55 -0700
Message-ID: <7789133a0904071436s46a729a7qdb35fc943f768eca@mail.gmail.com>
To: Bil Corry <bil@corry.biz>
Cc: Thomas Roessler <tlr@w3.org>, Jonas Sicking <jonas@sicking.cc>, Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, public-webapps@w3.org, Maciej Stachowiak <mjs@apple.com>, Sam Weinig <weinig@apple.com>, Sid Stamm <sstamm@mozilla.com>, Doug Schepers <schepers@w3.org>
On Tue, Apr 7, 2009 at 10:24 AM, Bil Corry <bil@corry.biz> wrote:
> How set in stone is Origin within CORS?

I don't think we want to impede CORS with these issues.  CORS is quite
close to shipping in a number of implementations.  I certainly don't
want to hold it hostage.

> The ideal scenario would be to merge all the various proposed Origin specifications into one that is well thought out and handles the bulk of the use cases.

Given infinite time, I agree.  However, there is tremendous value in
shipping CORS sooner rather than later.

> At this point, I'm aware of four Origin descriptions, are there any others?
>
>        CORS:  http://www.w3.org/TR/cors/#origin-header

>        HTML5: http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#navigate-fragid-step
>        Barth: http://www.ietf.org/internet-drafts/draft-abarth-origin-00.txt

These two, at least, are the same.  We separated the XXX-Origin bit
from the HTML 5 spec because folks from the IETF were interested in
reviewing it separately from HTML 5.

>        Moz:   https://wiki.mozilla.org/Security/Origin

Adam
Received on Tuesday, 7 April 2009 21:37:47 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT