- From: Adam Barth <w3c@adambarth.com>
- Date: Thu, 7 Mar 2013 11:29:22 -0800
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: WHATWG <whatwg@whatwg.org>
On Thu, Mar 7, 2013 at 9:07 AM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Wed, Mar 6, 2013 at 3:21 PM, Anne van Kesteren <annevk@annevk.nl> wrote: >> Unless PHP does not expose Origin under HTTP_ORIGIN in $_SERVER as one >> would expect... > > (It does btw.) > > So I also "tested" the "fetch from an origin" in the specification > http://dump.testsuite.org/fetch/form.html and it turns out that only > WebKit exhibits this behavior. Other browsers do not include Origin in > a navigation that uses the POST method. > > Adam, is that something you think we should keep? I don't have strong feelings one way or another. Generally, I think it's a good idea if the presence of the Origin header isn't synonymous with the request being a CORS request because that could limit our ability to use the Origin header in the future. Adam
Received on Thursday, 7 March 2013 19:30:25 UTC