W3C home > Mailing lists > Public > www-archive@w3.org > September 2009

Re: [draft-abarth-origin-03] feedback

From: Adam Barth <w3c@adambarth.com>
Date: Tue, 29 Sep 2009 09:55:44 -0700
Message-ID: <7789133a0909290955he3a4f1doc3ba6fb64ee6ea42@mail.gmail.com>
To: Anne van Kesteren <annevk@opera.com>
Cc: www-archive@w3.org
Posted: http://www.ietf.org/id/draft-abarth-origin-04.txt

Adam


On Tue, Sep 29, 2009 at 9:53 AM, Adam Barth <w3c@adambarth.com> wrote:
> On Tue, Sep 29, 2009 at 5:22 AM, Anne van Kesteren <annevk@opera.com> wrote:
>> The origin production does not need 1*WSP as far as I know. Or is this how
>> headers are supposed to be defined per 2616bis?
>
> Fixed.
>
>> The origin-list production should use SP and not 1*WSP. I'd like to keep the
>> format as simple as possible.
>
> Fixed.
>
>> I think it should be a MUST and not a MAY on consecutive origins. (Be
>> conservative in what you send and all.)
>
> Fixed.
>
>> I also think the draft should make a requirement for one of the two options
>> regarding redirects and not leave it open.
>
> I haven't changed this because the draft always lets the client send
> the value "null".  This is a fail-safe so that the client can always
> proceed even if it forgets what the origin ought to be.  Here you
> should imagine some code close to the wire that adds an "Origin: null"
> header if the request somehow got there without an Origin header.
>
>> Is the idea that CORS will reference this draft in the end? Currently I have
>> registered the Origin header with IANA.
>
> I'd be more than happy if CORS referenced this draft.  Let me know if
> there's anything I can do to make this easier for you.
>
> Adam
>
Received on Tuesday, 29 September 2009 16:56:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 7 November 2012 14:18:26 GMT