[whatwg] "null" versus "" in origin serialization
Ian Hickson
ian at hixie.ch
Mon Oct 20 08:13:22 PDT 2008
On Tue, 14 Oct 2008, Adam Barth wrote:
>
> Section 5.3 defines the serialization of an origin that is not a
> scheme/host/port triple as the empty string. This serialization (in its
> ASCII variation) is used by the Access Control for Cross-Site Requests
> spec to serialize an origin to an HTTP header. Using the empty string
> to represent these origins asks server operators to distinguish requests
> with an empty Origin header from requests without an Origin header.
> Server operators will often wish to take drastically different actions
> based on these requests, but this difference can be tricky to
> distinguish in some languages, such as mod_security and PHP.
>
> We should change the serialization of these origins to the string
> literal "null" as they were serialized in a previous draft of the Access
> Control spec. This would have the effect of changing the origin
> property of message events generated by postMessage(), but this change
> is unlikely to break users of that API as the empty string case is quite
> unusual.
Done.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list