- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 22 May 2013 08:53:13 +0100
- To: WHATWG <whatwg@whatwg.org>
As Björn points out in http://www.ietf.org/mail-archive/web/websec/current/msg01512.html defining origin of a URL in terms of STD66 is broken. So we should define it in terms of the URL Standard. The Origin header also has problems, as it suggests you can have a space-separated list, which we disallowed almost immediately after the Origin RFC was published and the IETF group did not accept errata for. Now "Origin of a URL" can be defined in the URL Standard (not done yet). I put an updated definition of the header here: http://fetch.spec.whatwg.org/#http-origin-header Where should we put the definition of origin itself? Back in HTML? I guess it still is mostly. -- http://annevankesteren.nl/
Received on Wednesday, 22 May 2013 07:53:43 UTC