- From: Bil Corry <bil@corry.biz>
- Date: Sun, 12 Jul 2009 21:08:34 -0500
- To: Adam Barth <w3c@adambarth.com>
- CC: Mark Nottingham <mnot@mnot.net>, Henrik Nordstrom <henrik@henriknordstrom.net>, "Roy T. Fielding" <fielding@gbiv.com>, Larry Masinter <LMM@acm.org>, ietf-http-wg@w3.org, Lisa Dusseault <ldusseault@commerce.net>
Adam Barth wrote on 6/25/2009 12:55 AM:
> On Wed, Jun 24, 2009 at 10:46 PM, Mark Nottingham<mnot@mnot.net> wrote:
>> Do you have a spec for sec-from?
>
> http://tools.ietf.org/html/draft-abarth-origin-01
>
> This draft addresses the technical feedback I have received on the -00
> version of the draft. As I said in the previous email, I'm going to
> try to reply to all the outstanding emails in the next couple of days.

How do you envision the Sec-From header representing frames? I ask because the Mozilla Origin proposal[1] discusses frames quite a bit, and assuming frames are handled by Sec-From in the way outlined by Mozilla's proposal, they'll end up looking like redirect chains.

For example, based on your current draft (and correct me if I'm wrong) if A POSTs to B, which then redirects to C, the Sec-From header at C will look like:

Sec-From: B A

Mozilla's frames proposal -- if A frames B which redirects to C, the header at C will look like:

Sec-From: B A

There may be some value for C to be able to distinguish that a received request is coming from a frame.

- Bil

[1] https://wiki.mozilla.org/Security/Origin
Received on Monday, 13 July 2009 02:09:23 UTC