Re: Do we need to rename the Origin header?

Ian Hickson wrote on 7/14/2009 6:37 PM: 
> On Tue, 14 Jul 2009, Bil Corry wrote:
>> Ian Hickson wrote on 7/14/2009 12:49 AM: 
>>> (Trimmed cc list to avoid cross-posting.)
>>> On Thu, 25 Jun 2009, Bil Corry wrote:
>>>> Thanks for the clarification.  Will there be some mechanism within HTML5 
>>>> to denote links that are privacy-sensitive versus those that are not?  
>>>> I'm imagining that by default, links to external resources would be 
>>>> considered private unless denoted as public (non-private?).
>>> I have no plans to add such a feature at this time, but I suppose if 
>>> Sec-From becomes popular, we could add it at some future point, sure.
>> The Sec-From draft relies on the adopter to define what constitutes 
>> "privacy-sensitive" -- will you be adding this definition to HTML5?
> HTML5 will say whatever Adam tells me it should say once the draft is 
> stable.

Given that identical requests may or may not be "privacy-sensitive" based entirely on context[1], and given that only the site itself understands the context, and given that HTML5 will not provide a way for the author to denote the context, we're left with Adam's default definition, which may or may not be appropriate for any given request.  We should revisit this once Adam has defined "privacy-sensitive".

- Bil

[1] Jonas Sicking does an excellent job of explaining the thorny issue of "privacy-sensitive" and context in this post:

Received on Wednesday, 15 July 2009 20:14:51 UTC