- From: Adam Barth <w3c@adambarth.com>
- Date: Tue, 29 Sep 2009 09:55:44 -0700
- To: Anne van Kesteren <annevk@opera.com>
- Cc: www-archive@w3.org
Posted: http://www.ietf.org/id/draft-abarth-origin-04.txt Adam On Tue, Sep 29, 2009 at 9:53 AM, Adam Barth <w3c@adambarth.com> wrote: > On Tue, Sep 29, 2009 at 5:22 AM, Anne van Kesteren <annevk@opera.com> wrote: >> The origin production does not need 1*WSP as far as I know. Or is this how >> headers are supposed to be defined per 2616bis? > > Fixed. > >> The origin-list production should use SP and not 1*WSP. I'd like to keep the >> format as simple as possible. > > Fixed. > >> I think it should be a MUST and not a MAY on consecutive origins. (Be >> conservative in what you send and all.) > > Fixed. > >> I also think the draft should make a requirement for one of the two options >> regarding redirects and not leave it open. > > I haven't changed this because the draft always lets the client send > the value "null". This is a fail-safe so that the client can always > proceed even if it forgets what the origin ought to be. Here you > should imagine some code close to the wire that adds an "Origin: null" > header if the request somehow got there without an Origin header. > >> Is the idea that CORS will reference this draft in the end? Currently I have >> registered the Origin header with IANA. > > I'd be more than happy if CORS referenced this draft. Let me know if > there's anything I can do to make this easier for you. > > Adam >
Received on Tuesday, 29 September 2009 16:56:43 UTC