What are the plans for Mozilla's Origin proposal[1] given that the CORS Origin header[2] and Barth's Sec-From header[3] are possibly going to be merged into a single specification? I believe the largest difference is the handling of frames in the Mozilla proposal. I brought this question up on the IETF-HTTP-WG list and Adam Barth indicated that he thought Mozilla would be withdrawing frame support[4].
- Bil [1] https://wiki.mozilla.org/Security/Origin [2] http://www.w3.org/TR/cors/#origin-request-header [3] http://tools.ietf.org/html/draft-abarth-origin-01 [4] http://lists.w3.org/Archives/Public/ietf-http-wg/2009JulSep/0084.html _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security