
Re: [cors] TAG request concerning CORS & Next Step(s)

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 24 Jun 2009 20:48:40 -0700
Message-ID: <7789133a0906242048w55ca6f61x506ca0b81e63ac53@mail.gmail.com>
To: Bil Corry <bil@corry.biz>
Cc: Jonas Sicking <jonas@sicking.cc>, Tyler Close <tyler.close@gmail.com>, Arthur Barstow <Art.Barstow@nokia.com>, public-webapps <public-webapps@w3.org>, Henry Thompson <ht@inf.ed.ac.uk>
On Wed, Jun 24, 2009 at 8:42 PM, Bil Corry <bil@corry.biz> wrote:
> As written, a conforming UA could choose to always send NULL for redirects, which would be unfortunate.

That's correct.

> More concerning though, a conforming UA could choose to always send NULL for *all* HTTP requests.

That's correct.

> Might it be better to more strictly define the behavior?

That's why the draft says:

   Whenever a user agent issues an HTTP request that (1) is *not* the
   result of an HTTP redirect and (2) is *not* initiated from a
   "privacy-sensitive" context, the user agent SHOULD set the value of
   the Sec-From header to the ASCII serialization of the origin that
   initiated the HTTP request.

Adam
Received on Thursday, 25 June 2009 03:49:40 GMT
