Two new IDs of relevance to this working group

As part of our effort to remove from HTML5 sections that are more 
appropriate elsewhere, I would like to bring your attention to these two 
new drafts edited by Adam Barth:

   Content-Type Processing Model
   http://www.ietf.org/internet-drafts/draft-abarth-mime-sniff-00.txt
   Many Web servers supply incorrect Content-Type headers with their
   HTTP responses.  In order to be compatible with these Web servers,
   Web browsers must consider the content of HTTP responses as well as
   the Content-Type header when determining the effective mime type of
   the response.  This document describes an algorithm for determining
   the effective mime type of HTTP responses that balances security and
   compatibility considerations.

   The HTTP Origin Header
   http://www.ietf.org/internet-drafts/draft-abarth-origin-00.txt
   This document defines the HTTP Origin header.  The Origin header is
   added by the user agent to describe the security context that
   initiated an HTTP request.  HTTP servers can use the Origin header to
   defend themselves against Cross-Site Request Forgery (CSRF) attacks.

Feedback is welcome.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Thursday, 22 January 2009 00:14:50 UTC
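
The server-side use of the Origin header that the second abstract describes, as an added example that is not code from the draft or from this message. The trusted-origin set, the list of state-changing methods, and the default of rejecting requests that lack the header are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# Constructed sample policy for a hypothetical site (assumption, not from the draft).
TRUSTED_ORIGINS = {"https://bank.example", "https://www.bank.example"}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}  # assumes GET/HEAD never change state
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(value):
    """Return canonical scheme://host[:port], or None if value is not one origin."""
    if len(value.split()) != 1:          # empty, or several whitespace-separated values
        return None
    try:
        parts = urlsplit(value.strip())
        port = parts.port                # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None                      # also rejects the literal "null"
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return None                      # an origin carries no path or userinfo
    origin = f"{parts.scheme}://{parts.hostname}"
    if port is not None and port != DEFAULT_PORTS[parts.scheme]:
        origin += f":{port}"
    return origin


def check_origin(method, headers, trusted=TRUSTED_ORIGINS, allow_missing=False):
    """Return (allowed, reason) for one request; headers maps names to values."""
    if method.upper() not in STATE_CHANGING:
        return True, "safe method, no check"
    value = next((v for k, v in headers.items() if k.lower() == "origin"), None)
    if value is None:
        # Clients that predate the header send none; the policy decides (assumption).
        return allow_missing, "no Origin header"
    origin = normalize_origin(value)
    if origin is None:
        return False, "unparseable or null Origin"
    if origin in trusted:                # exact match only, never prefix or substring
        return True, "trusted origin"
    return False, f"untrusted origin {origin}"


if __name__ == "__main__":
    # Constructed sample requests.
    print(check_origin("POST", {"Origin": "https://bank.example"}))
    print(check_origin("POST", {"Origin": "https://bank.example.evil.test"}))
    print(check_origin("POST", {"Origin": "null"}))
```

Comparing the normalized origin by exact match is what keeps look-alike hosts such as `bank.example.evil.test` from passing; substring or prefix comparison would not.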