- From: Ian Hickson <ian@hixie.ch>
- Date: Fri, 12 Jul 2013 20:34:29 +0000 (UTC)
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: WHATWG <whatwg@whatwg.org>, Adam Barth <abarth@eecs.berkeley.edu>
On Wed, 22 May 2013, Anne van Kesteren wrote: > > As Bj?rn points out in > http://www.ietf.org/mail-archive/web/websec/current/msg01512.html > defining origin of a URL in terms of STD66 is broken. So we should > define it in terms of the URL Standard. > > The Origin header also has problems, as it suggests you can have a > space-separated list, which we disallowed almost immediately after the > Origin RFC was published and the IETF group did not accept errata for. > > Now "Origin of a URL" can be defined in the URL Standard (not done yet). > I put an updated definition of the header here: > http://fetch.spec.whatwg.org/#http-origin-header > > Where should we put the definition of origin itself? Back in HTML? I > guess it still is mostly. What exactly is it you want moved, from where to where? Just the "origin of a URL"? I'm guessing Adam would be interested in revving the Origin spec to be more accurate if there's a problem with it; that would be my preference if at all possible. See also Adam's response to the message you cite above: http://www.ietf.org/mail-archive/web/websec/current/msg01520.html -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 12 July 2013 20:34:53 UTC