- From: Bil Corry <bil@corry.biz>
- Date: Sat, 24 Jan 2009 17:27:52 -0600
- To: ietf-http-wg@w3.org
Ian Hickson wrote on 1/24/2009 2:51 PM: > This solution would fail to satisfy the original use case of Origin, > namely to let the server in an XHR2 scenario know who the origin was so it > could make educated decisions about letting information out. Doesn't XHR2 send the Origin header for GET? That's prohibited by Adam's Origin draft, so either way, the Origin header discussed here will not exactly match the Origin header as provided by XHR2 via Access Control. - Bil
Received on Saturday, 24 January 2009 23:28:33 UTC