W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: Do we need to rename the Origin header?

From: Adam Barth <w3c@adambarth.com>
Date: Thu, 9 Apr 2009 12:37:50 -0700
Message-ID: <7789133a0904091237w566c4ac5ob48c2a6a34506db4@mail.gmail.com>
To: Bil Corry <bil@corry.biz>
Cc: Ian Hickson <ian@hixie.ch>, public-webapps@w3.org
On Thu, Apr 9, 2009 at 8:48 AM, Bil Corry <bil@corry.biz> wrote:
> My point is that a robust Origin moves us closer to better security controls, perhaps not all the way, but certainly much closer than CORS-Origin gets us.

I think we should focus on clear use cases and techniques that address
those use cases.  For example, Mozilla-Origin is useful for mitigating
ClickJacking whereas CORS-Origin is not.

Adam
Received on Thursday, 9 April 2009 19:38:43 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT