Re: HTML5 Origin (aka IETF Origin draft)

I don't understand what you're requesting.  The spec already says that
in Section 4.2, step 1.  Requirement 1 of paragraph 3 of section 5 is
to ensure that all POST requests (including those generated by the
browser itself) contain a sensible Origin header.

Adam


On Sat, Apr 11, 2009 at 5:27 AM, Bil Corry <bil@corry.biz> wrote:
> But if it never gets sent to the server, is there some other purpose for a UA to calculate the Origin string?  Couldn't the draft simply state that to calculate the Origin, if it isn't a (scheme, host, port) tuple, it's "null" since that's all that gets sent anyhow?
>
> - Bil
>
> Adam Barth wrote on 4/10/2009 1:01 PM:
>> This is to support things like data URLs that can't be represented as
>> a (scheme, host, port) tuple.
>>
>> Adam
>>
>>
>> On Thu, Apr 9, 2009 at 9:48 AM, Bil Corry <bil@corry.biz> wrote:
>>> I wanted to clarify something in the IETF Origin draft[1], which is now going to serve as the basis for HTML5's Origin.
>>>
>>> Section 5 requires that when a user agent provides the Origin header, it must either send "null" or the ASCII serialization of the origin.  ASCII serialization (and Unicode serialization) stipulates that if an origin is not a scheme/host/port tuple, then it must return "null".  Section 2 allows implementations to define other types of origins in addition to the scheme/host/port tuple.  So my question is, if a user agent defines another type of origin, but is required to send "null" for it in the Origin header, is there some other use for defining other types of origins?
>>>
>>>
>>> - Bil
>>>
>>> [1] http://www.ietf.org/internet-drafts/draft-abarth-origin-00.txt
>>>
>>>
>>>
>>
>>
>
>
>

Received on Saturday, 11 April 2009 16:46:54 UTC