[whatwg] XXX-Origin header

Bil Corry bil at corry.biz
Thu Apr 2 21:15:14 PDT 2009

Since the public-webapps list was never able to reconcile[1] HTML5's Origin header (now renamed XXX-Origin[2]) with CORS's Origin header[3], we're left with two headers with similar implementations and similar names.  Due to this, it may prudent to rename XXX-Origin to something without "Origin" in the name to better distinguish between the two.  I don't know what the header should be renamed to ("Source"?), but no matter which name is chosen for the header, it should be listed as a prohibited header for XHR.setRequestHeader()[4].

- Bil

[1] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0057.html
[2] http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#navigate-fragid-step
[3] http://www.w3.org/TR/cors/#origin-header
[4] http://www.w3.org/TR/XMLHttpRequest2/#author-request-headers

More information about the whatwg mailing list