W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: [cors] TAG request concerning CORS & Next Step(s)

From: Tyler Close <tyler.close@gmail.com>
Date: Wed, 24 Jun 2009 11:45:44 -0700
Message-ID: <5691356f0906241145y17e5070cqc76eecb00d164bf0@mail.gmail.com>
To: Jonas Sicking <jonas@sicking.cc>
Cc: Arthur Barstow <Art.Barstow@nokia.com>, public-webapps <public-webapps@w3.org>, Henry Thompson <ht@inf.ed.ac.uk>
On Wed, Jun 24, 2009 at 10:16 AM, Jonas Sicking<jonas@sicking.cc> wrote:
> Firefox 3.5 will be out in a matter of days (RC available already) and
> it supports the majority of CORS (everything but redirects of
> preflighted requests).

What is the behavior of the Origin header on other kinds of redirects?
For example:

1. page from Site A does: POST text/plain to a URL at Site B

2. Site B responds with a redirect to a URL at Site A

3. User clicks through any presented redirect confirmation dialog

4. Browser sends the POST from step 1 to the specified URL at Site A.

What is the value of the Origin header in step 4?


"Waterken News: Capability security on the Web"
Received on Wednesday, 24 June 2009 18:46:23 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:12:54 UTC