On Mon, Apr 6, 2009 at 8:01 AM, Bil Corry <b...@corry.biz> wrote: > Nevermind, I forgot that Adam conceded to changing his original Origin spec > to match the redirect behavior in CORS, and reading through his draft, I see > the change has been made to make them compatible.
Yes. This is not ideal from a CSRF mitigation point of view, but it is workable. Adam