- From: Anne van Kesteren <annevk@opera.com>
- Date: Thu, 08 Oct 2009 17:06:11 +0200
- To: "Henry S. Thompson" <ht@inf.ed.ac.uk>, "Jonas Sicking" <jonas@sicking.cc>
- Cc: "Arthur Barstow" <Art.Barstow@nokia.com>, public-webapps <public-webapps@w3.org>
On Wed, 24 Jun 2009 19:22:35 +0200, Henry S. Thompson <ht@inf.ed.ac.uk> wrote: > One point of clarification: my (admittedly imperfect) understanding > was that the most important parts of CORS have to be implemented > _server_-side for the proposal to achieve its goals. If that's true, > browser deployment alone is insufficient. Is that a misunderstanding > on my part? As was pointed out elsewhere in this thread it was. I was wondering if the TAG considers this item closed or wishes to know something more, in which case I'd like to hear about it! I'm trying to wrap up email threads and this is one of them. Thanks! Kind regards, PS: The remainder of this thread about redirects and CSRF is being taken care of by updates to both CORS and the Origin header draft Adam is working on. In short Origin will most likely become a space-separated list revealing the entire request chain. -- Anne van Kesteren http://annevankesteren.nl/
Received on Thursday, 8 October 2009 15:06:56 UTC