We came across a possible opportunity to mark the delta between URI and Origins in the HTML 5.0 draft.
IE8 Beta 1 did not remove the trailing slash from e.origin in XDM. For example, e.origin would return https://mysite/.
The URIs 'http://mysite' and 'http://mysite/' are equivalent (empty path is same as '/' path when URI scheme uses generic syntax for authority, RFC 3986 5.2.4 <http://tools.ietf.org/html/rfc3986#section-5.2.4>) and the normal form is 'http://mysite/' which is what we normalized to and returned in IE. This means, if the e.origin normalized URI is not the same string comparison that the web author is doing (because of syntactical differences like the trailing backslash), a check to validate the sending domain will fail.
It seems that Firefox 3 aligns more closely with HTML 5.0 here, i.e., it does not return a trailing backslash. It's probably worth clarifying that "Origin" as defined by HTML 5.0 is not a URI and it would be good to have guidelines on how to serialize "Origin" so it can be consistently used inside JavaScript. (If it's called out in the spec, pardon me.)
Nonetheless we want to make it easier for developers and have made the change to return http://mysite in Beta 2, making it consistent with FF3.
Let me know if there are any ideas here.
--
Sunava Dutta
Program Manager (AJAX) - Developer Experience Team, Internet Explorer
One Microsoft Way, Redmond WA 98052
TEL# (425) 705-1418
FAX# (425) 936-7329
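
The comparison failure described in the message above, as an added example (not code from the original post or from either browser): a message-handler check that canonicalizes both the allowlist and e.origin with the standard URL class before comparing, so 'http://mysite/' and 'http://mysite' match while look-alike hosts do not. TRUSTED_ORIGINS, canonicalOrigin, isTrustedOrigin, onMessage and the partner.example host are names assumed for illustration.

```javascript
// Added example: origin allowlist check for a postMessage handler.
// TRUSTED_ORIGINS and the host names are constructed for illustration.
const TRUSTED_ORIGINS = ["http://mysite", "https://partner.example:8443"];

// Reduce an origin-like string to the scheme://host[:port] serialization.
// Returns null for input that is not an absolute URL or has an opaque origin.
function canonicalOrigin(value) {
  if (typeof value !== "string") return null;
  let url;
  try {
    url = new URL(value);
  } catch (err) {
    return null; // e.g. the literal string "null" reported for opaque origins
  }
  // URL.origin drops the path, lowercases the host and elides default ports.
  return url.origin === "null" ? null : url.origin;
}

// Canonicalize the allowlist once, so a trailing slash in either the
// configured value or the received value cannot cause a mismatch.
const TRUSTED_SET = new Set(TRUSTED_ORIGINS.map(canonicalOrigin));

// Exact match on the canonical form; never a prefix or substring test,
// which would also accept hosts that merely start with a trusted name.
function isTrustedOrigin(eventOrigin) {
  const origin = canonicalOrigin(eventOrigin);
  return origin !== null && TRUSTED_SET.has(origin);
}

// Handler shape for window.addEventListener("message", onMessage).
// Returns whether the message was accepted, to make the decision testable.
function onMessage(e) {
  if (!isTrustedOrigin(e.origin)) return false; // drop the message
  // ... process e.data here ...
  return true;
}
```

The same canonicalization applies to the targetOrigin value a sender passes to postMessage, so both sides of the exchange agree on one serialization.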