[owasp-intrinsic-security] Fwd: FYI, Origin header in IETF HTTP WG

Bil Corry bil at corry.biz
Tue Jan 27 17:11:02 EST 2009


Seba wrote on 1/27/2009 2:16 AM: 
> Thought you wanted to know this.
> What can we propose as feedback to the IETF workgroup ?

And there's also been some discussion on the public-webapps list too in three threads that might be worthwhile reading through:

	Do we need to rename the Origin header?
	http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/#msg57

	[access-control] Access-Control-Allow-Origin: * and ascii-origin in IE8
	http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/#msg90

	Origin IETF draft
	http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/#msg124


The most critical discussion though has been on the ietf-http-wg list.


- Bil



More information about the owasp-intrinsic-security mailing list