Re: Comments on the HTTP Sec-From Header (draft-abarth-origin)

On Wed, Jul 22, 2009 at 11:04 PM, Ian Hickson<> wrote:
> I think that relying on sites to handle multiple headers correctly
> (especially when in the common case there will only be one) is asking for
> trouble. I know that they'd be breaking the spec if they didn't, but that
> isn't going to be any consolation when they get tricked.

On Wed, Jul 22, 2009 at 11:06 PM, Mark Nottingham<> wrote:
> If they're using CGI or pretty much any Web framework, it'll be done for
> them automatically. This is actually very well-implemented.

I've relied upon Mark's email above and modified the spec to use
commas to delimit serialized origins.  However, I'm willing to reverse
this decision if new evidence comes to light regarding how well
supported this syntax actually is.


Received on Friday, 31 July 2009 19:58:46 UTC