- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Fri, 08 Jun 2012 12:19:57 +0200
- To: Adam Barth <w3c@adambarth.com>
- CC: Anne van Kesteren <annevk@annevk.nl>, www-archive <www-archive@w3.org>
On 2012-06-08 09:41, Adam Barth wrote: > On Fri, Jun 8, 2012 at 12:31 AM, Anne van Kesteren <annevk@annevk.nl> wrote: >> Not sure where http://tools.ietf.org/html/rfc6454 is discussed these >> days, but I think we should issue an errata for the list of origins. >> In particular, I think we should not have the list of origins concept >> in the platform and only accept a single origin or null. The new >> syntax would be: >> >> origin = "Origin:" OWS origin-or-null OWS >> origin-or-null = %x6E %x75 %x6C %x6C / serialized-origin >> >> It was introduced for CORS, but we decided not to use it there. I >> don't think we want it elsewhere either. And leaving things like that >> up to choice is bad. >> >> What do you think? > > Ok. We added it for CORS to support redirects. If you're not using > it in CORS, I don't know of any other reason for it existing. > > I'm not sure how best to handle these issues from a process point of > view. The IETF has an errata process we can try if you like. I'm > open to other suggestions. If there is agreement that this should change, I recommend submitting an erratum (<http://www.rfc-editor.org/errata.php#reportnew>). I would expect that this would be classified as "held for document update"; so at some point in the future the RFC would need to be revised. The right place to discuss this BTW is the ietf websec WG (<http://tools.ietf.org/wg/websec/>). Best regards, Julian
Received on Friday, 8 June 2012 10:20:36 UTC