- From: Adam Barth <w3c@adambarth.com>
- Date: Mon, 6 Apr 2009 13:05:23 -0700
- To: Bil Corry <bil@corry.biz>
- Cc: Thomas Roessler <tlr@w3.org>, Jonas Sicking <jonas@sicking.cc>, Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, public-webapps@w3.org, Maciej Stachowiak <mjs@apple.com>, Sam Weinig <weinig@apple.com>
On Mon, Apr 6, 2009 at 8:01 AM, Bil Corry <bil@corry.biz> wrote: > Nevermind, I forgot that Adam conceded to changing his original Origin spec to match the redirect behavior in CORS, and reading through his draft, I see the change has been made to make them compatible. Yes. This is not ideal from a CSRF mitigation point of view, but it is workable. Adam
Received on Monday, 6 April 2009 20:06:14 UTC