- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 2 Feb 2017 12:30:51 +1100
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
> On 2 Feb 2017, at 12:23 pm, Martin Thomson <martin.thomson@gmail.com> wrote: > > On 2 February 2017 at 10:12, Mark Nottingham <mnot@mnot.net> wrote: >> I don't buy the argument that removal itself adds complexity. Implementations already need to remember what origins they received a 421 for, so they already have the concept of origin set removal. > > Well, you just established why it might be unnecessary. The gain here > is in the client not sending a request to the wrong place. But if > this is rare enough, then that cost is probably bearable. Right, but the whole point of ORIGIN is to avoid those situations. > The "everything except those" case doesn't concern me that much. > Iknow it's relatively common, but it is fairly rare that the set of > origins that are used is not easily enumerable, or incrementally > discoverable. Spoken like a true browser vendor :) It'd be good to get a bit more data here from server-side folks. Anyone share this concern? I note that Nick seems to be OK with it. Cheers, -- Mark Nottingham https://www.mnot.net/
Received on Thursday, 2 February 2017 01:31:24 UTC