[whatwg] XXX-Origin header from Bil Corry on 2009-04-03 (public-whatwg-archive@w3.org from April 2009)

From: Bil Corry <bil@corry.biz>
Date: Thu, 02 Apr 2009 23:15:14 -0500
Message-ID: <49D58D52.3060705@corry.biz>

Since the public-webapps list was never able to reconcile[1] HTML5's Origin header (now renamed XXX-Origin[2]) with CORS's Origin header[3], we're left with two headers with similar implementations and similar names.  Due to this, it may prudent to rename XXX-Origin to something without "Origin" in the name to better distinguish between the two.  I don't know what the header should be renamed to ("Source"?), but no matter which name is chosen for the header, it should be listed as a prohibited header for XHR.setRequestHeader()[4].

- Bil


[1] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0057.html
[2] http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#navigate-fragid-step
[3] http://www.w3.org/TR/cors/#origin-header
[4] http://www.w3.org/TR/XMLHttpRequest2/#author-request-headers

Received on Thursday, 2 April 2009 21:15:14 UTC