- From: Bil Corry <bil@corry.biz>
- Date: Wed, 14 Jan 2009 13:41:00 -0600
- To: public-webapps@w3.org
Thomas Roessler wrote on 1/12/2009 8:02 PM: > Having the CSRF-Origin defined in an RFC or another separate spec is a > good idea independently of whether or not it ends up being the same > header that's used for cross-site XHR. If someone wants to form an "Origin" BOF at the next IETF meeting in March (with the idea of creating a RFC), I'll attend. I'm already planning to be there for the Cookie BOF. - Bil
Received on Wednesday, 14 January 2009 19:41:40 UTC