- From: Michal Zalewski <lcamtuf@dione.cc>
- Date: Mon, 29 Sep 2008 14:20:48 +0200 (CEST)
On Mon, 29 Sep 2008, Anne van Kesteren wrote: > A cross-site XMLHttpRequest request would always include Origin. I > haven't really seen other specifications start using it yet, but I > believe there are some experimental implementations for including it in > cross-site <form> POST requests. Yup, I mean the non-XMLHttpRequest "Origin" header as proposed / implemented by Adam Barth and Collin Jackson for generic POSTs (though I might be not doing the implementation justice, so it's probably best for them to chime in). /mz
Received on Monday, 29 September 2008 05:20:48 UTC