On Tue, Apr 7, 2009 at 10:24 AM, Bil Corry <b...@corry.biz> wrote: > How set in stone is Origin within CORS?
I don't think we want to impede CORS with these issues. CORS is quite close to shipping in a number of implementations. I certainly don't want to hold it hostage. > The ideal scenario would be to merge all the various proposed Origin > specifications into one that is well thought out and handles the bulk of the > use cases. Given infinite time, I agree. However, there is tremendous value in shipping CORS sooner rather than later. > At this point, I'm aware of four Origin descriptions, are there any others? > > CORS: http://www.w3.org/TR/cors/#origin-header > HTML5: > http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#navigate-fragid-step > Barth: http://www.ietf.org/internet-drafts/draft-abarth-origin-00.txt These two, at least, are the same. We separated the XXX-Origin bit from the HTML 5 spec because folks from the IETF were interested in reviewing it separately from HTML 5. > Moz: https://wiki.mozilla.org/Security/Origin Adam
