RE: Do we need to rename the Origin header?

I appreciate that Jonas wanted to give some of the implementations time to consider this request.

As he said, we are very close to shipping, and consequently making these types of changes can be tricky. We're discussing this internally at the moment and hope to reply very soon.

-----Original Message-----
From: [] On Behalf Of Anne van Kesteren
Sent: Tuesday, January 13, 2009 7:32 AM
To: Jonas Sicking;; Maciej Stachowiak; Sam Weinig; Adam Barth
Subject: Re: Do we need to rename the Origin header?

On Tue, 13 Jan 2009 01:31:49 +0100, Jonas Sicking <> wrote:
> My suggestion is to rename "Origin" to "Access-Control-Request-Origin"
> or "Access-Control-Origin" if possible (depends on where current
> implementers are in their ship schedule), or that we request that the
> CSRF protection header be renamed to something other than "Origin".

I'm fine with renaming it to Access-Control-Request-Origin as far as the
Access Control draft is concerned.

Maciej, Sam, Adam?

Anne van Kesteren

Received on Tuesday, 13 January 2009 16:41:37 UTC