- From: Larry Masinter <masinter@adobe.com>
- Date: Thu, 3 Dec 2009 13:35:23 -0800
- To: "public-web-security@w3.org" <public-web-security@w3.org>
Is the "Origin" header generally agreed to be both necessary and sufficient for same-origin-policy work to proceed? Right now, HTML 5 continues to refer to the Origin header as supporting the same-origin policy, and it seemed to me that there was still some disagreement about whether it should be retained. The HTML issue is scheduled to be closed today (Dec 3) -- should it remain open? Would anyone volunteer to write a "change proposal" (re)moving "Origin header" from the HTML5 spec? http://www.w3.org/html/wg/tracker/issues/63 Larry -- http://larry.masinter.net
Received on Thursday, 3 December 2009 21:36:00 UTC