W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: XHR without user credentials

From: Mark S. Miller <erights@google.com>
Date: Fri, 12 Jun 2009 19:17:44 -0700
Message-ID: <4d2fac900906121917w77a6fb89mf4ea4d0f6deb26a3@mail.gmail.com>
To: Adam Barth <w3c@adambarth.com>
Cc: Anne van Kesteren <annevk@opera.com>, Tyler Close <tyler.close@gmail.com>, public-webapps <public-webapps@w3.org>
On Fri, Jun 12, 2009 at 7:03 PM, Adam Barth <w3c@adambarth.com> wrote:

> > What server side behavior difference do you expect between messages with
> no Origin and messages with "Origin: null".
> You'll have to include Origin: null for POST requests.  You should
> include it for GET as well.

Does "have to" == "MUST"?
On credential-free GET, why "should" rather than "MUST"?

Isn't your answer above only about client (user agent) behavior? I'd still
like understand what the recommended/expected difference in server behavior
should/might be depending of whether Origin is absent or null. Thanks.

Received on Saturday, 13 June 2009 02:18:21 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:12:54 UTC