[whatwg] Fetch: Origin header
Anne van Kesteren
annevk at annevk.nl
Wed Mar 6 06:46:44 PST 2013
It seems we have a bunch of different policies for setting the Origin header :-(
XMLHttpRequest always sets it to the given value.
HTML's "fetch" only sets it to a non-null value if a from parameter is passed.
HTML's "potentially CORS-enabled fetch" seems to never invoke "fetch"
with a from parameter except indirectly via CORS' cross-origin
request.
CORS' cross-origin request always sets Origin to a given value.
So HTML's "potentially CORS-enabled fetch" is incompatible with XMLHttpRequest.
I've been trying to reconcile this mess in a draft at
http://html5.org/temp/fetch.html but I really wonder at this point
what is required and what is not. It would be really annoying I think
if we really required quite that many different ways of doing the same
thing.
--
http://annevankesteren.nl/
More information about the whatwg
mailing list