W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: Do we need to rename the Origin header?

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 25 May 2010 02:55:06 +0000 (UTC)
To: Bil Corry <bil@corry.biz>
Cc: Adam Barth <w3c@adambarth.com>, public-webapps@w3.org
Message-ID: <Pine.LNX.4.64.1005250254310.22838@ps20323.dreamhostps.com>
On Mon, 24 May 2010, Bil Corry wrote:
> Adam Barth wrote on 7/16/2009 10:38 AM: 
> > On Thu, Jul 16, 2009 at 8:47 AM, Bil Corry<bil@corry.biz> wrote:
> >> I think you mean everything will NOT be privacy-sensitive except non-XHR GETs.
> > 
> > I don't think we've quite settled on exactly what will be privacy
> > sensitive.  It's most likely that POSTs and XHR will not be and that
> > hyperlinks and image loads will be.  The goal is to harmonize with the
> > Mozilla proposal.
> 
> I haven't been following the progress of this, has "privacy-sensitive" been defined in HTML5 yet?

Yes.


> The only reference I could find was in "2.6 Fetching Resources":
> 
> ---8<---
> For the purposes of the Origin  header, if the fetching algorithm was explicitly initiated from an origin, then the origin that initiated the HTTP request is origin. Otherwise, this is a request from a "privacy-sensitive" context. [ORIGIN]
> 
> (from: http://www.whatwg.org/specs/web-apps/current-work/multipage/urls.html#fetching-resources)
> --->8---

That is the definition.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 25 May 2010 02:55:36 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:38 GMT