- From: Adam Barth <w3c@adambarth.com>
- Date: Sat, 11 Apr 2009 09:46:04 -0700
- To: Bil Corry <bil@corry.biz>
- Cc: public-webapps@w3.org
I don't understand what you're requesting. The spec already says that in Section 4.2, step 1. Requirement 1 of paragraph 3 of section 5 is to ensure that all POST requests (including those generated by the browser itself) contain a sensible Origin header. Adam On Sat, Apr 11, 2009 at 5:27 AM, Bil Corry <bil@corry.biz> wrote: > But if it never gets sent to the server, is there some other purpose for a UA to calculate the Origin string? Couldn't the draft simply state that to calculate the Origin, if it isn't a (scheme, host, port) tuple, it's "null" since that's all that gets sent anyhow? > > - Bil > > Adam Barth wrote on 4/10/2009 1:01 PM: >> This is to support things like data URLs that can't be represented as >> a (scheme, host, port) tuple. >> >> Adam >> >> >> On Thu, Apr 9, 2009 at 9:48 AM, Bil Corry <bil@corry.biz> wrote: >>> I wanted to clarify something in the IETF Origin draft[1], which is now going to serve as the basis for HTML5's Origin. >>> >>> Section 5 requires that when a user agent provides the Origin header, it must either send "null" or the ASCII serialization of the origin. ASCII serialization (and Unicode serialization) stipulates that if an origin is not a scheme/host/port tuple, then it must return "null". Section 2 allows implementations to define other types of origins in addition to the scheme/host/port tuple. So my question is, if a user agent defines another type of origin, but is required to send "null" for it in the Origin header, is there some other use for defining other types of origins? >>> >>> >>> - Bil >>> >>> [1] http://www.ietf.org/internet-drafts/draft-abarth-origin-00.txt >>> >>> >>> >> >> > > >
Received on Saturday, 11 April 2009 16:46:54 UTC