- From: Adam Barth <w3c@adambarth.com>
- Date: Wed, 24 Jun 2009 20:48:40 -0700
- To: Bil Corry <bil@corry.biz>
- Cc: Jonas Sicking <jonas@sicking.cc>, Tyler Close <tyler.close@gmail.com>, Arthur Barstow <Art.Barstow@nokia.com>, public-webapps <public-webapps@w3.org>, Henry Thompson <ht@inf.ed.ac.uk>
On Wed, Jun 24, 2009 at 8:42 PM, Bil Corry <bil@corry.biz> wrote:
> As written, a conforming UA could choose to always send NULL for redirects, which would be unfortunate.

That's correct.

> More concerning though, a conforming UA could choose to always send NULL for *all* HTTP requests.

That's correct.

> Might it be better to more strictly define the behavior?

That's why the draft says:

   Whenever a user agent issues an HTTP request that (1) is *not* the result of an HTTP redirect and (2) is *not* initiated from a "privacy-sensitive" context, the user agent SHOULD set the value of the Sec-From header to the ASCII serialization of the origin that initiated the HTTP request.

Adam
Received on Thursday, 25 June 2009 03:49:40 UTC
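
Added example, not part of the original message or the draft: a JavaScript sketch of the rule quoted above on the user-agent side, and of how a server can read the header given that a conforming UA may send NULL on any request. The function names, the request fields, the sample origins and the literal token "null" for the thread's NULL are assumptions made for illustration.

```javascript
// Added illustration; all names here are hypothetical, not taken from the draft.
// Assumption: the NULL value discussed in the thread travels as the token "null".
const NULL_VALUE = "null";

// ASCII serialization of an origin: scheme://host[:port].
// The WHATWG URL parser lowercases scheme and host and drops a default port;
// URLs without a tuple origin (data:, file:) already serialize to "null".
function asciiOrigin(url) {
  return new URL(url).origin;
}

// User-agent side: send the initiating origin only when the request is
// (1) not the result of a redirect and (2) not from a privacy-sensitive context.
function secFromValue(req) {
  if (req.viaRedirect || req.privacySensitive) return NULL_VALUE;
  return asciiOrigin(req.initiatorUrl);
}

// Server side: because a conforming UA may send NULL for any request,
// NULL (or no header) carries no information. It is neither evidence of a
// same-site request nor proof of a cross-site one, so it gets its own class.
function classify(headerValue, trustedOrigins) {
  if (headerValue === undefined) return "absent";
  if (headerValue === NULL_VALUE) return "unknown";
  return trustedOrigins.has(headerValue) ? "trusted" : "foreign";
}

// Constructed sample requests (not real traffic).
function demo() {
  const trusted = new Set(["https://bank.example"]);
  const samples = [
    { initiatorUrl: "https://BANK.example:443/transfer", viaRedirect: false, privacySensitive: false },
    { initiatorUrl: "https://bank.example/transfer", viaRedirect: true, privacySensitive: false },
    { initiatorUrl: "https://bank.example/transfer", viaRedirect: false, privacySensitive: true },
    { initiatorUrl: "http://other.example:8080/form", viaRedirect: false, privacySensitive: false },
  ];
  return samples.map((req) => {
    const value = secFromValue(req);
    return { value, verdict: classify(value, trusted) };
  });
}

console.log(demo());
```

A server that rejects "foreign" and accepts "trusted" still has to decide what to do with "unknown" and "absent", since the SHOULD in the draft leaves both open to any conforming UA.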