- From: Adam Barth <w3c@adambarth.com>
- Date: Thu, 24 Sep 2009 16:22:34 -0700
- To: Anne van Kesteren <annevk@opera.com>
- Cc: Collin Jackson <collin@collinjackson.com>, Mark Nottingham <mnot@mnot.net>, Ian Hickson <ian@hixie.ch>, HTTP Working Group <ietf-http-wg@w3.org>, public-webapps@w3.org, Tyler Close <tyler.close@gmail.com>
On Thu, Sep 24, 2009 at 9:00 AM, Anne van Kesteren <annevk@opera.com> wrote: > I have now specified the approach we discussed: > > http://dev.w3.org/2006/waf/access-control/ > > For simple requests redirects are followed. For other cross-origin requests > they are the equivalent of a network error. The Origin header is a > U+0020-separated list of origins. Each time a redirect takes place an origin > is added to the origin chain if it is not the same as the last origin that > was added. The Access-Control-Allow-Origin header needs to be identical to > the value of the Origin header, octet-for-octet. > > Let me know if I missed anything or if the draft is unclear. I've updated draft-abarth-origin to match (and switched the header name back from Sec-From to Origin): http://www.ietf.org/id/draft-abarth-origin-03.txt Thanks, Adam
Received on Thursday, 24 September 2009 23:23:36 UTC