On Fri, Jun 12, 2009 at 7:03 PM, Adam Barth <[email protected]> wrote:
> > What server side behavior difference do you expect between messages with > no Origin and messages with "Origin: null". > > You'll have to include Origin: null for POST requests. You should > include it for GET as well. > Does "have to" == "MUST"? On credential-free GET, why "should" rather than "MUST"? Isn't your answer above only about client (user agent) behavior? I'd still like understand what the recommended/expected difference in server behavior should/might be depending of whether Origin is absent or null. Thanks. -- Cheers, --MarkM
