[whatwg] Fetch: Origin header from Anne van Kesteren on 2013-03-06 (public-whatwg-archive@w3.org from March 2013)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 6 Mar 2013 14:46:44 +0000
To: WHATWG <whatwg@whatwg.org>
Message-ID: <CADnb78iVax26VypOyKsLSL7_aN4oYSzb5rpOM6M+CU+yke2mvA@mail.gmail.com>

It seems we have a bunch of different policies for setting the Origin header :-(

XMLHttpRequest always sets it to the given value.

HTML's "fetch" only sets it to a non-null value if a from parameter is passed.

HTML's "potentially CORS-enabled fetch" seems to never invoke "fetch"
with a from parameter except indirectly via CORS' cross-origin
request.

CORS' cross-origin request always sets Origin to a given value.

So HTML's "potentially CORS-enabled fetch" is incompatible with XMLHttpRequest.


I've been trying to reconcile this mess in a draft at
http://html5.org/temp/fetch.html but I really wonder at this point
what is required and what is not. It would be really annoying I think
if we really required quite that many different ways of doing the same
thing.


-- 
http://annevankesteren.nl/

Received on Wednesday, 6 March 2013 14:47:18 UTC