The HTTP Origin Header (draft-abarth-origin)

The document
proposes a new HTTP header and rules for its use as a way of addressing
Cross-Site Request Forgery (CSRF) attacks. This was part of the
HTML5 work in WhatWG and W3C HTML working group.

Is there's a better venue for discussion of this draft



Received on Thursday, 22 January 2009 17:33:52 UTC