[whatwg] XXX-Origin header
Bil Corry
bil at corry.biz
Thu Apr 2 21:15:14 PDT 2009
Since the public-webapps list was never able to reconcile[1] HTML5's Origin header (now renamed XXX-Origin[2]) with CORS's Origin header[3], we're left with two headers with similar implementations and similar names. Due to this, it may prudent to rename XXX-Origin to something without "Origin" in the name to better distinguish between the two. I don't know what the header should be renamed to ("Source"?), but no matter which name is chosen for the header, it should be listed as a prohibited header for XHR.setRequestHeader()[4].
- Bil
[1] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0057.html
[2] http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#navigate-fragid-step
[3] http://www.w3.org/TR/cors/#origin-header
[4] http://www.w3.org/TR/XMLHttpRequest2/#author-request-headers
More information about the whatwg
mailing list