On Fri, Jun 12, 2009 at 7:03 PM, Adam Barth <w3c@adambarth.com> wrote:
> > What server side behavior difference do you expect between messages with
> no Origin and messages with "Origin: null".
>
> You'll have to include Origin: null for POST requests. You should
> include it for GET as well.
>
Does "have to" == "MUST"?
On credential-free GET, why "should" rather than "MUST"?
Isn't your answer above only about client (user agent) behavior? I'd still
like understand what the recommended/expected difference in server behavior
should/might be depending of whether Origin is absent or null. Thanks.
--
Cheers,
--MarkM