- From: Jonas Sicking <jonas@sicking.cc>
- Date: Mon, 12 Apr 2010 15:41:33 -0700
- To: Tyler Close <tyler.close@gmail.com>
- Cc: Maciej Stachowiak <mjs@apple.com>, Arthur Barstow <art.barstow@nokia.com>, Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>
On Mon, Apr 12, 2010 at 3:10 PM, Tyler Close <tyler.close@gmail.com> wrote: >> I think even taken together, your set of subset conditions does guarantee >> that a CORS client implementation is automatically also a UMP client >> implementation. If we went that way, then we would have to consider whether >> there will ever be client implementors of UMP itself, or it will be >> impossible to fulfill CR exit criteria. > > If there are implementers of CORS, then by definition, there are > implementers of UMP. I don't see anything in CR exit criteria that > requires implementers to swear not to also implement other > specifications. So is sending the 'Origin' and 'Referer' headers ok per UMP? The current CORS implementation in firefox always sends those headers. I would have imagined that UMP would explicitly forbid any ambient authority or identity information other than IP number? / Jonas
Received on Monday, 12 April 2010 22:42:30 UTC