- From: Travis Leithead <Travis.Leithead@microsoft.com>
- Date: Tue, 13 Jan 2009 08:42:18 -0800
- To: Anne van Kesteren <annevk@opera.com>, Jonas Sicking <jonas@sicking.cc>, "public-webapps@w3.org" <public-webapps@w3.org>, Maciej Stachowiak <mjs@apple.com>, Sam Weinig <weinig@apple.com>, Adam Barth <w3c@adambarth.com>
I appreciate that Jonas wanted to give some of the implementations time to consider this request. As he said, we are very close to shipping, and consequently making these types of changes can be tricky. We're discussing this internally at the moment and hope to reply very soon. -----Original Message----- From: public-webapps-request@w3.org [mailto:public-webapps-request@w3.org] On Behalf Of Anne van Kesteren Sent: Tuesday, January 13, 2009 7:32 AM To: Jonas Sicking; public-webapps@w3.org; Maciej Stachowiak; Sam Weinig; Adam Barth Subject: Re: Do we need to rename the Origin header? On Tue, 13 Jan 2009 01:31:49 +0100, Jonas Sicking <jonas@sicking.cc> wrote: > My suggestion is to rename "Origin" to "Access-Control-Request-Origin" > or "Access-Control-Origin" if possible (depends on where current > implementers are in their ship schedule), or that we request that the > CSRF protection header be renamed to something other than "Origin". I'm fine with renaming it to Access-Control-Request-Origin as far as the Access Control draft is concerned. Maciej, Sam, Adam? -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Tuesday, 13 January 2009 16:41:37 UTC