Re: Do we need to rename the Origin header?

From: Bil Corry <bil@corry.biz>
Date: Thu, 16 Jul 2009 10:47:42 -0500
Message-ID: <4A5F4B9E.7060506@corry.biz>
To: Ian Hickson <ian@hixie.ch>
CC: Adam Barth <w3c@adambarth.com>, public-webapps@w3.org

Ian Hickson wrote on 7/15/2009 4:53 PM: 
> On Wed, 15 Jul 2009, Bil Corry wrote:
>> Ian Hickson wrote on 7/14/2009 6:37 PM: 
>>> On Tue, 14 Jul 2009, Bil Corry wrote:
>>>> Ian Hickson wrote on 7/14/2009 12:49 AM: 
>>>>> (Trimmed cc list to avoid cross-posting.)
>>>>> On Thu, 25 Jun 2009, Bil Corry wrote:
>>>>>> Thanks for the clarification.  Will there be some mechanism within HTML5 
>>>>>> to denote links that are privacy-sensitive versus those that are not?  
>>>>>> I'm imagining that by default, links to external resources would be 
>>>>>> considered private unless denoted as public (non-private?).
>>>>> I have no plans to add such a feature at this time, but I suppose if 
>>>>> Sec-From becomes popular, we could add it at some future point, sure.
>>>> The Sec-From draft relies on the adopter to define what constitutes 
>>>> "privacy-sensitive" -- will you be adding this definition to HTML5?
>>> HTML5 will say whatever Adam tells me it should say once the draft is 
>>> stable.
>> Given that identical requests may or may not be "privacy-sensitive" 
>> based entirely on context[1], and given that only the site itself 
>> understands the context, and given that HTML5 will not provide a way for 
>> the author to denote the context, we're left with Adam's default 
>> definition which may or may not be appropriate for any given request.  
>> We should revisit this once Adam has defined "privacy-sensitive".
> I expect that what Adam will tell me to do is to make everything in HTML5 
> privacy-sensitive except GETs. I expect XHR GETs will not be.

I think you mean everything will NOT be privacy-sensitive except non-XHR GETs.

- Bil
Received on Thursday, 16 July 2009 15:48:44 UTC
