W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: HTTPbis and the Same Origin Policy

From: Mark S. Miller <erights@google.com>
Date: Thu, 3 Dec 2009 17:43:47 -0800
Message-ID: <4d2fac900912031743q23ced9d7nd2e44b63a9706191@mail.gmail.com>
To: Larry Masinter <masinter@adobe.com>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>
I have heard that the deadline is today. This is the first I have
heard about this issue as well as its imminent closure. I appeal to
whoever's judgement is needed for a reasonable extension. I volunteer
to write a change proposal removing the Origin header from the HTML5
spec by January 4. May I have that extension?

On Thu, Dec 3, 2009 at 1:35 PM, Larry Masinter <masinter@adobe.com> wrote:
> Is the "Origin" header generally agreed to be both necessary
> and sufficient for same-origin-policy work to proceed?
> Right now, HTML 5 continues to refer to the Origin header as
> supporting the same-origin policy, and it seemed to me that
> there was still some disagreement about whether it should
> be retained.
> The HTML issue is scheduled to be closed today (Dec 3) -- should it
> remain open? Would anyone volunteer to write a "change proposal"
> (re)moving "Origin header" from the HTML5 spec?
> http://www.w3.org/html/wg/tracker/issues/63
> Larry
> --
> http://larry.masinter.net

Received on Friday, 4 December 2009 01:44:25 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:23 UTC