- From: =JeffH <Jeff.Hodges@KingsMountain.com>
- Date: Wed, 09 Jun 2010 10:20:44 -0700
- To: W3C Web Security Interest Group <public-web-security@w3.org>
draft-abarth-origin is once again a current I-D. <http://tools.ietf.org/html/draft-abarth-origin> =JeffH Subject: I-D Action:draft-abarth-origin-07.txt From: Internet-Drafts@ietf.org Date: Tue, 8 Jun 2010 20:00:02 -0700 (PDT) To: i-d-announce@ietf.org A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : The Web Origin Concept Author(s) : A. Barth, et al. Filename : draft-abarth-origin-07.txt Pages : 14 Date : 2010-06-08 This document defines the concept of an "origin," which is used by web browsers to isolate content retrieved from different parties. The origin concept is defined by a "same-origin" relation and a serialization algorithm. This document also defines an HTTP Origin header, which a user agent can use to describe the security contexts that caused the user agent to initiate an HTTP request. HTTP servers can use the Origin header to mitigate against Cross-Site Request Forgery (CSRF) vulnerabilities. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-abarth-origin-07.txt Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --- end
Received on Wednesday, 9 June 2010 17:21:14 UTC