Re: [draft-abarth-origin-03] feedback

On Tue, Sep 29, 2009 at 5:22 AM, Anne van Kesteren <annevk@opera.com> wrote:
> The origin production does not need 1*WSP as far as I know. Or is this how
> headers are supposed to be defined per 2616bis?

Fixed.

> The origin-list production should use SP and not 1*WSP. I'd like to keep the
> format as simple as possible.

Fixed.

> I think it should be a MUST and not a MAY on consecutive origins. (Be
> conservative in what you send and all.)

Fixed.

> I also think the draft should make a requirement for one of the two options
> regarding redirects and not leave it open.

I haven't changed this because the draft always lets the client send
the value "null".  This is a fail-safe so that the client can always
proceed even if it forgets what the origin ought to be.  Here you
should imagine some code close to the wire that adds an "Origin: null"
header if the request somehow got there without an Origin header.

> Is the idea that CORS will reference this draft in the end? Currently I have
> registered the Origin header with IANA.

I'd be more than happy if CORS referenced this draft.  Let me know if
there's anything I can do to make this easier for you.

Adam

Received on Tuesday, 29 September 2009 16:54:22 UTC