W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2009

Re: The HTTP Origin Header (draft-abarth-origin)

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Thu, 25 Jun 2009 01:08:54 +0200
To: Adam Barth <w3c@adambarth.com>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, Larry Masinter <LMM@acm.org>, Mark Nottingham <mnot@mnot.net>, ietf-http-wg@w3.org, Lisa Dusseault <ldusseault@commerce.net>
Message-Id: <1245884934.9223.145.camel@localhost.localdomain>
tor 2009-01-22 klockan 17:35 -0800 skrev Adam Barth:
> I experimentally measured how often the Origin header is dropped in
> the real world, an it is not dropped greater than 99.9% of the time.

So the actual motivation for Origin is because Referer is dropped in
some networks, while the still unknown Origin header is not dropped in
the same networks?

And why is this? Imho simply because the network admins who worry about
Referer do not yet know about Origin. Once they learn about Origin they
will start filtering that header in the same manner as they do with
Referer, putting you back on square one, implementing Origin2?

Regards
Henrik
Received on Wednesday, 24 June 2009 23:09:49 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:19 UTC