- From: Adam Barth <w3c@adambarth.com>
- Date: Thu, 3 Dec 2009 13:40:01 -0800
- To: Larry Masinter <masinter@adobe.com>
- Cc: "public-web-security@w3.org" <public-web-security@w3.org>
Changing the subject line since this appears to be a new topic. On Thu, Dec 3, 2009 at 1:35 PM, Larry Masinter <masinter@adobe.com> wrote: > Is the "Origin" header generally agreed to be both necessary > and sufficient for same-origin-policy work to proceed? I'm not sure the Origin header is either necessary or sufficient. The same-origin policy is much larger and more extensive than a single header. > Right now, HTML 5 continues to refer to the Origin header as > supporting the same-origin policy, and it seemed to me that > there was still some disagreement about whether it should > be retained. > > The HTML issue is scheduled to be closed today (Dec 3) -- should it > remain open? Would anyone volunteer to write a "change proposal" > (re)moving "Origin header" from the HTML5 spec? > > > http://www.w3.org/html/wg/tracker/issues/63 > > Larry > -- > http://larry.masinter.net > > >
Received on Thursday, 3 December 2009 21:41:03 UTC