As Björn points out in http://www.ietf.org/mail-archive/web/websec/current/msg01512.html defining origin of a URL in terms of STD66 is broken. So we should define it in terms of the URL Standard. The Origin header also has problems, as it suggests you can have a space-separated list, which we disallowed almost immediately after the Origin RFC was published and the IETF group did not accept errata for. Now "Origin of a URL" can be defined in the URL Standard (not done yet). I put an updated definition of the header here: http://fetch.spec.whatwg.org/#http-origin-header Where should we put the definition of origin itself? Back in HTML? I guess it still is mostly. -- http://annevankesteren.nl/Received on Wednesday, 22 May 2013 07:53:43 UTC
This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:59 UTC