Anne van Kesteren wrote:
> ...
What's true is that you can't require existing HTTP/1.1 clients to
send it with every POST request (did anybody seriously suggest that?).
The suggestion was for POST requests the browser makes based on Web APIs
(e.g., XMLHttpRequest, <form>, etc.).
OK, so that sounds like syntax and semantics of Origin should be defined
in a separate spec, and then XmlHttpRequest and HTML5 can make a
normative requirement (for their scenarios) about when it needs to be
supplied.
BR, Julian
