[whatwg] Fetch: Origin header

Anne van Kesteren annevk at annevk.nl
Wed Mar 6 06:46:44 PST 2013


It seems we have a bunch of different policies for setting the Origin header :-(

XMLHttpRequest always sets it to the given value.

HTML's "fetch" only sets it to a non-null value if a from parameter is passed.

HTML's "potentially CORS-enabled fetch" seems to never invoke "fetch"
with a from parameter except indirectly via CORS' cross-origin
request.

CORS' cross-origin request always sets Origin to a given value.

So HTML's "potentially CORS-enabled fetch" is incompatible with XMLHttpRequest.


I've been trying to reconcile this mess in a draft at
http://html5.org/temp/fetch.html but I really wonder at this point
what is required and what is not. It would be really annoying I think
if we really required quite that many different ways of doing the same
thing.


-- 
http://annevankesteren.nl/


More information about the whatwg mailing list