W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

Re: Do we need to rename the Origin header?

From: Sam Weinig <weinig@apple.com>
Date: Tue, 13 Jan 2009 15:39:40 -0800
Cc: Jonas Sicking <jonas@sicking.cc>, public-webapps@w3.org, Maciej Stachowiak <mjs@apple.com>, Adam Barth <w3c@adambarth.com>
Message-Id: <1A204AD9-8A92-448E-AB2A-DF82202E5F71@apple.com>
To: Anne van Kesteren <annevk@opera.com>

On Jan 13, 2009, at 7:31 AM, Anne van Kesteren wrote:

> On Tue, 13 Jan 2009 01:31:49 +0100, Jonas Sicking <jonas@sicking.cc>  
> wrote:
>> My suggestion is to rename "Origin" to "Access-Control-Request- 
>> Origin"
>> or "Access-Control-Origin" if possible (depends on where current
>> implementers are in their ship schedule), or that we request that the
>> CSRF protection header be renamed to something other than "Origin".
> I'm fine with renaming it to Access-Control-Request-Origin as far as  
> the Access Control draft is concerned.
> Maciej, Sam, Adam?

I am also fine with renaming it to Access-Control-Request-Origin.  I  
think the purposes are different enough that it wont be confusing.

- Sam
Received on Tuesday, 13 January 2009 23:40:21 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:13 UTC