- From: Robert O'Callahan <robert@ocallahan.org>
- Date: Tue, 30 Sep 2008 10:39:37 +1300
On Tue, Sep 30, 2008 at 9:06 AM, Adam Barth <whatwg at adambarth.com> wrote: > The current proposal is to sent the Origin header for non-GET, > non-HEAD requests. The main reason not to send the header all the > time is that it raises similar privacy concerns as the Referer header, > which have caused the Referer header to be suppressed a non-trivial > fraction of the time. > This is why it would be helpful to also support a "don't load me across origins" header sent by the server. Rob -- "He was pierced for our transgressions, he was crushed for our iniquities; the punishment that brought us peace was upon him, and by his wounds we are healed. We all, like sheep, have gone astray, each of us has turned to his own way; and the LORD has laid on him the iniquity of us all." [Isaiah 53:5-6] -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080930/3a23d827/attachment.htm>
Received on Monday, 29 September 2008 14:39:37 UTC