On Tue, May 14, 2013 at 11:46 AM, Hallvord Reiar Michaelsen Steen
<hallv...@opera.com> wrote:
> Say, for example, OpenID is a setup where the user might provide an
> "untrusted" URL to a third-party web site ("Here's the service that can
> authenticate me"), and XHR might be involved - but the Open ID *provider*
> would of course want to know what site it is interacting with, to present
> some information about what authenticating means to the user..
Why? That information could be in the resource. Or if you e.g.
implement your own browser-like thing that accepts arbitrary URLs you
would want something similar.
You might also want to do same-origin requests that do not include the
overhead of Cookie / Origin / Referrer headers. HTML already has
rel=noreferrer for that. We should expose functionality like that in
the low-level API.
--
http://annevankesteren.nl/
