Re: Coming to a conclusion on draft-abarth-origin

Thanks for your feedback on draft-abarth-origin-00.  Your feedback has
been very helpful.

On Wed, Feb 25, 2009 at 5:23 PM, Mark Nottingham <> wrote:
> Also, I now you were working on a
> draft -01; if you still intend to publish it, we will of course be happy to
> provide feedback.

This draft is based on feedback from this list and from browser
implementers.  If I do publish a -01 draft, I'll certainly welcome
additional feedback.

I'm quite interested in the idea of recommending or requiring that
user agents always send a Referer header (and letting them send the
value "null" if they have nothing better to send).  This design has
the distinct advantage of protecting Web sites that currently
implement lenient Referer validation.  My plan is to float this idea
with some browser security folks and see if they'd be willing to
implement it.


Received on Thursday, 26 February 2009 03:44:31 UTC