W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2013

Re: [whatwg] Fetch: Origin header

From: Adam Barth <w3c@adambarth.com>
Date: Thu, 7 Mar 2013 11:29:22 -0800
Message-ID: <CAJE5ia-Z9WL0SsbPOiZgoTNoeuyh-cdpo5NNfQRAetkGNPwbJw@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: WHATWG <whatwg@whatwg.org>
On Thu, Mar 7, 2013 at 9:07 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Wed, Mar 6, 2013 at 3:21 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
>> Unless PHP does not expose Origin under HTTP_ORIGIN in $_SERVER as one
>> would expect...
>
> (It does btw.)
>
> So I also "tested" the "fetch from an origin" in the specification
> http://dump.testsuite.org/fetch/form.html and it turns out that only
> WebKit exhibits this behavior. Other browsers do not include Origin in
> a navigation that uses the POST method.
>
> Adam, is that something you think we should keep?

I don't have strong feelings one way or another.  Generally, I think
it's a good idea if the presence of the Origin header isn't synonymous
with the request being a CORS request because that could limit our
ability to use the Origin header in the future.

Adam
Received on Thursday, 7 March 2013 19:30:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 7 March 2013 19:30:25 GMT