- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 23 Jun 2008 18:09:16 +0200
On Mon, 23 Jun 2008 14:18:22 +0200, Frode B?rli <frode at seria.no> wrote: > Hi! Thank you for pointing to that document. I quickly scanned trough > it but I have a small problem with the specification: does it require > web servers to check the Origin header? What happens with older web > applications that do not check this header? It's not strictly required, but highly recommended. Older Web applications wouldn't opt-in and would therefore be as vulnerable as they are today. Anyway, this is the wrong list to debate that specification. You want public-webapps at w3.org. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Monday, 23 June 2008 09:09:16 UTC