W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

RE: Do we need to rename the Origin header?

From: Travis Leithead <Travis.Leithead@microsoft.com>
Date: Tue, 13 Jan 2009 08:42:18 -0800
To: Anne van Kesteren <annevk@opera.com>, Jonas Sicking <jonas@sicking.cc>, "public-webapps@w3.org" <public-webapps@w3.org>, Maciej Stachowiak <mjs@apple.com>, Sam Weinig <weinig@apple.com>, Adam Barth <w3c@adambarth.com>
Message-ID: <0003CB8B8FE2154EB50431DB2B8F69C01BECA588F2@NA-EXMSG-W601.wingroup.windeploy.ntdev.microsoft.com>
I appreciate that Jonas wanted to give some of the implementations time to consider this request.

As he said, we are very close to shipping, and consequently making these types of changes can be tricky. We're discussing this internally at the moment and hope to reply very soon.

-----Original Message-----
From: public-webapps-request@w3.org [mailto:public-webapps-request@w3.org] On Behalf Of Anne van Kesteren
Sent: Tuesday, January 13, 2009 7:32 AM
To: Jonas Sicking; public-webapps@w3.org; Maciej Stachowiak; Sam Weinig; Adam Barth
Subject: Re: Do we need to rename the Origin header?


On Tue, 13 Jan 2009 01:31:49 +0100, Jonas Sicking <jonas@sicking.cc> wrote:
> My suggestion is to rename "Origin" to "Access-Control-Request-Origin"
> or "Access-Control-Origin" if possible (depends on where current
> implementers are in their ship schedule), or that we request that the
> CSRF protection header be renamed to something other than "Origin".

I'm fine with renaming it to Access-Control-Request-Origin as far as the
Access Control draft is concerned.

Maciej, Sam, Adam?


--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>


Received on Tuesday, 13 January 2009 16:41:37 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:29 GMT