Fwd: Cross-Origin Resource Sharing - text from Anne van Kesteren on 2013-09-24 (public-webappsec@w3.org from September 2013)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 24 Sep 2013 17:59:14 -0400
To: WebAppSec WG <public-webappsec@w3.org>
Cc: "Spradley, Ted (Sales IT)" <ted.spradley@hp.com>
Message-ID: <CADnb78jzRrMMQpRQBqJyO7EvduLWr9y-qtZXS_86BHG8fanCNA@mail.gmail.com>

(Forwarding with permission.)

Brad, you might want to look at this. It does not seem to apply to
http://fetch.spec.whatwg.org/

---------- Forwarded message ----------
Date: Tue, Sep 24, 2013 at 3:45 PM

Hi,

Please accept this suggestion for wording in the spirit submitted.

Regarding text from http://www.w3.org/TR/cors/ version cors-2030129:

The sentence “The user agent validates that the value and origin of
where the request originated match” may better communicate the
intended meaning if it reads:

“The user agent validates that the response
Access-Control-Allow-Origin header value matches the origin from where
the request originated.”

Thank you,

Ted Spradley

Advanced Planning and SPT Labs
Hewlett Packard


-- 
http://annevankesteren.nl/

Received on Tuesday, 24 September 2013 21:59:41 UTC