W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

RE: HTTPbis and the Same Origin Policy

From: Larry Masinter <masinter@adobe.com>
Date: Thu, 3 Dec 2009 13:35:23 -0800
To: "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <8B62A039C620904E92F1233570534C9B0118DC9ECD14@nambx04.corp.adobe.com>
Is the "Origin" header generally agreed to be both necessary
and sufficient for same-origin-policy work to proceed?

Right now, HTML 5 continues to refer to the Origin header as
supporting the same-origin policy, and it seemed to me that
there was still some disagreement about whether it should
be retained.

The HTML issue is scheduled to be closed today (Dec 3) -- should it
remain open? Would anyone volunteer to write a "change proposal"
(re)moving "Origin header" from the HTML5 spec?


Received on Thursday, 3 December 2009 21:36:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:23 UTC