[whatwg] Reorganizing and fixing "origin"

Anne van Kesteren annevk at annevk.nl
Wed May 22 00:53:13 PDT 2013


As Björn points out in
http://www.ietf.org/mail-archive/web/websec/current/msg01512.html
defining origin of a URL in terms of STD66 is broken. So we should
define it in terms of the URL Standard.

The Origin header also has problems, as it suggests you can have a
space-separated list, which we disallowed almost immediately after the
Origin RFC was published and the IETF group did not accept errata for.

Now "Origin of a URL" can be defined in the URL Standard (not done
yet). I put an updated definition of the header here:
http://fetch.spec.whatwg.org/#http-origin-header

Where should we put the definition of origin itself? Back in HTML? I
guess it still is mostly.


--
http://annevankesteren.nl/


More information about the whatwg mailing list