- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Wed, 03 Jul 2013 09:44:24 +1200
- To: ietf-http-wg@w3.org
On 3/07/2013 9:27 a.m., William Chan (ιζΊζ) wrote: > Yes, any client that cares about security will do the enforcement > regardless. The thing is there are two new proposals on the table > here. Sam's proposal is to simply drop :scheme and :host and always > assume same origin. James' modification is to assume same origin > unless otherwise specified. I prefer the status quo of explicitly > specifying the headers. And I think that unless there are compelling > reasons to *change* the spec, we should opt to keep it as is. Do > people feel strongly that we should adopt either Sam or James' > proposals for the implementation draft? For this draft. No. Amos
Received on Tuesday, 2 July 2013 21:44:49 UTC