- From: Anne van Kesteren <annevk@opera.com>
- Date: Fri, 02 Oct 2009 11:58:54 +0200
- To: "Adam Barth" <w3c@adambarth.com>
- Cc: www-archive@w3.org
On Tue, 29 Sep 2009 18:53:20 +0200, Adam Barth <w3c@adambarth.com> wrote: >> The origin-list production should use SP and not 1*WSP. I'd like to >> keep the format as simple as possible. > > Fixed. It is now 1*SP. Since the requirement on user agents is a single space I think just SP would be better. >> I also think the draft should make a requirement for one of the two >> options regarding redirects and not leave it open. > > I haven't changed this because the draft always lets the client send > the value "null". This is a fail-safe so that the client can always > proceed even if it forgets what the origin ought to be. Here you > should imagine some code close to the wire that adds an "Origin: null" > header if the request somehow got there without an Origin header. Ok. >> Is the idea that CORS will reference this draft in the end? Currently I >> have registered the Origin header with IANA. > > I'd be more than happy if CORS referenced this draft. Let me know if > there's anything I can do to make this easier for you. It would be nice if there was a production item for 'OWS [ "null" / origin-list ] OWS' so that I can use that for Access-Control-Allow-Origin. I.e. origin-value or some such. -- Anne van Kesteren http://annevankesteren.nl/
Received on Friday, 2 October 2009 09:59:58 UTC