Jonas Sicking wrote on 1/14/2009 12:53 PM: > The problem I think is that the current name, 'Origin', is extremely > generic and so it's likely to cause confusion once we get other > headers containing origins. > > That said, I do understand that this is a very late change for you > guys. Developers will code to what works, so as long as things work > the same across browsers, with regards to this and the CSRF protection > header, things should be mostly ok. > > What do other people think? I liked your suggestion that would marry the two: Jonas Sicking wrote on 1/12/2009 7:22 PM: > That said, here is a solution that might work for both Access-Control > and CSRF protection: > > Site A makes a request to site B, > the UA adds the header "Origin: A" > Site B redirects the request to site C, > the UA adds the header "Origin: A, B" - BilReceived on Wednesday, 14 January 2009 19:36:52 UTC
This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:13 UTC