- From: Adam Barth <w3c@adambarth.com>
- Date: Tue, 7 Apr 2009 14:36:55 -0700
- To: Bil Corry <bil@corry.biz>
- Cc: Thomas Roessler <tlr@w3.org>, Jonas Sicking <jonas@sicking.cc>, Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, public-webapps@w3.org, Maciej Stachowiak <mjs@apple.com>, Sam Weinig <weinig@apple.com>, Sid Stamm <sstamm@mozilla.com>, Doug Schepers <schepers@w3.org>
On Tue, Apr 7, 2009 at 10:24 AM, Bil Corry <bil@corry.biz> wrote: > How set in stone is Origin within CORS? I don't think we want to impede CORS with these issues. CORS is quite close to shipping in a number of implementations. I certainly don't want to hold it hostage. > The ideal scenario would be to merge all the various proposed Origin specifications into one that is well thought out and handles the bulk of the use cases. Given infinite time, I agree. However, there is tremendous value in shipping CORS sooner rather than later. > At this point, I'm aware of four Origin descriptions, are there any others? > > CORS: http://www.w3.org/TR/cors/#origin-header > HTML5: http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#navigate-fragid-step > Barth: http://www.ietf.org/internet-drafts/draft-abarth-origin-00.txt These two, at least, are the same. We separated the XXX-Origin bit from the HTML 5 spec because folks from the IETF were interested in reviewing it separately from HTML 5. > Moz: https://wiki.mozilla.org/Security/Origin Adam
Received on Tuesday, 7 April 2009 21:37:47 UTC