RE: Passing "origin" with intents

Bryan wrote: 
> Why couldn’t the browser just send the client origin whenever it is different
> from the service origin, similar to how it decides to send the Origin header?

This is a privacy leak. Most of the time the Service has no business knowing what the client origin is.

---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.

Received on Wednesday, 29 August 2012 13:50:41 UTC