Re: Do we need to rename the Origin header?

Thomas Roessler wrote on 1/12/2009 8:02 PM: 
> Having the CSRF-Origin defined in an RFC or another separate spec is a
> good idea independently of whether or not it ends up being the same
> header that's used for cross-site XHR.

If someone wants to form an "Origin" BOF at the next IETF meeting in March (with the idea of creating a RFC), I'll attend.  I'm already planning to be there for the Cookie BOF.


- Bil

Received on Wednesday, 14 January 2009 19:41:40 UTC