[whatwg] Fetch: Origin header

Adam Barth w3c at adambarth.com
Thu Mar 7 11:29:22 PST 2013


On Thu, Mar 7, 2013 at 9:07 AM, Anne van Kesteren <annevk at annevk.nl> wrote:
> On Wed, Mar 6, 2013 at 3:21 PM, Anne van Kesteren <annevk at annevk.nl> wrote:
>> Unless PHP does not expose Origin under HTTP_ORIGIN in $_SERVER as one
>> would expect...
>
> (It does btw.)
>
> So I also "tested" the "fetch from an origin" in the specification
> http://dump.testsuite.org/fetch/form.html and it turns out that only
> WebKit exhibits this behavior. Other browsers do not include Origin in
> a navigation that uses the POST method.
>
> Adam, is that something you think we should keep?

I don't have strong feelings one way or another.  Generally, I think
it's a good idea if the presence of the Origin header isn't synonymous
with the request being a CORS request because that could limit our
ability to use the Origin header in the future.

Adam



More information about the whatwg mailing list