- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 16 May 2013 17:45:27 +0100
- To: Hallvord Reiar Michaelsen Steen <hallvord@opera.com>
- Cc: Jonas Sicking <jonas@sicking.cc>, public-webapps <public-webapps@w3.org>
On Tue, May 14, 2013 at 11:46 AM, Hallvord Reiar Michaelsen Steen
<hallvord@opera.com> wrote:
> Say, for example, OpenID is a setup where the user might provide an "untrusted" URL to a third-party web site ("Here's the service that can authenticate me"), and XHR might be involved - but the Open ID *provider* would of course want to know what site it is interacting with, to present some information about what authenticating means to the user..
Why? That information could be in the resource. Or if you e.g.
implement your own browser-like thing that accepts arbitrary URLs you
would want something similar.
You might also want to do same-origin requests that do not include the
overhead of Cookie / Origin / Referrer headers. HTML already has
rel=noreferrer for that. We should expose functionality like that in
the low-level API.
--
http://annevankesteren.nl/
Received on Thursday, 16 May 2013 16:46:00 UTC