W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2013

[whatwg] Fetch: Origin header

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 6 Mar 2013 14:46:44 +0000
Message-ID: <CADnb78iVax26VypOyKsLSL7_aN4oYSzb5rpOM6M+CU+yke2mvA@mail.gmail.com>
To: WHATWG <whatwg@whatwg.org>
It seems we have a bunch of different policies for setting the Origin header :-(

XMLHttpRequest always sets it to the given value.

HTML's "fetch" only sets it to a non-null value if a from parameter is passed.

HTML's "potentially CORS-enabled fetch" seems to never invoke "fetch"
with a from parameter except indirectly via CORS' cross-origin
request.

CORS' cross-origin request always sets Origin to a given value.

So HTML's "potentially CORS-enabled fetch" is incompatible with XMLHttpRequest.


I've been trying to reconcile this mess in a draft at
http://html5.org/temp/fetch.html but I really wonder at this point
what is required and what is not. It would be really annoying I think
if we really required quite that many different ways of doing the same
thing.


-- 
http://annevankesteren.nl/
Received on Wednesday, 6 March 2013 14:47:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 6 March 2013 14:47:19 GMT