- From: Thomas Roessler <tlr@w3.org>
- Date: Sat, 24 May 2008 20:08:30 +0200
- To: Anne van Kesteren <annevk@opera.com>
- Cc: Adam Barth <public-webapi@adambarth.com>, Collin Jackson <collinj@cs.stanford.edu>, "Web API WG (public)" <public-webapi@w3.org>
On 2008-05-24 10:57:03 +0200, Anne van Kesteren wrote: > It has been suggested that having an "Origin" header instead of > "Access-Control-Origin" would be useful in other contexts as > well. That browsers could always include this as it does not have > the privacy issue the "Referer" header has (does not include the > path) and could therefore be used for Access Control but also to > prevent CSRF. Incidentally, +1 to "Origin" - for two reasons: (a) it might indeed turn out to be more generally useful (b) it's much less of a mouthful than Access-Control-Origin -- Thomas Roessler, W3C <tlr@w3.org>
Received on Saturday, 24 May 2008 18:09:08 UTC