Hi Bil-
We are indeed planning to revise our spec to be in line with Adam
Barth's Sec-From proposal and, like he mentioned on IETF-HTTP-WG, drop
frame support. [1] is pretty out of date and I plan to replace it with
something more accurate by the end of the week.
Cheers,
Sid
On 7/13/09 2:20 PM, Bil Corry wrote:
What are the plans for Mozilla's Origin proposal[1] given that the CORS Origin
header[2] and Barth's Sec-From header[3] are possibly going to be merged into a
single specification? I believe the largest difference is the handling of
frames in the Mozilla proposal. I brought this question up on the IETF-HTTP-WG
list and Adam Barth indicated that he thought Mozilla would be withdrawing
frame support[4].
- Bil
[1] https://wiki.mozilla.org/Security/Origin
[2] http://www.w3.org/TR/cors/#origin-request-header
[3] http://tools.ietf.org/html/draft-abarth-origin-01
[4] http://lists.w3.org/Archives/Public/ietf-http-wg/2009JulSep/0084.html
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security