Thanks for clarifying the proposal; what through me off was the wiki history page indicates that it was last updated less than a month ago, so I wanted to double-check that the frame-support was being dropped.
And just out of curiosity, is frame support being dropped because it's not useful, it's challenging to implement, just strictly to be in line with Sec-From, or for some other reason? - Bil Sid Stamm wrote on 7/13/2009 4:37 PM: > We are indeed planning to revise our spec to be in line with Adam > Barth's Sec-From proposal and, like he mentioned on IETF-HTTP-WG, drop > frame support. [1] is pretty out of date and I plan to replace it with > something more accurate by the end of the week. > > On 7/13/09 2:20 PM, Bil Corry wrote: >> What are the plans for Mozilla's Origin proposal[1] given that the >> CORS Origin header[2] and Barth's Sec-From header[3] are possibly >> going to be merged into a single specification? I believe the largest >> difference is the handling of frames in the Mozilla proposal. I >> brought this question up on the IETF-HTTP-WG list and Adam Barth >> indicated that he thought Mozilla would be withdrawing frame support[4]. >> >> >> - Bil >> >> [1] https://wiki.mozilla.org/Security/Origin >> [2] http://www.w3.org/TR/cors/#origin-request-header >> [3] http://tools.ietf.org/html/draft-abarth-origin-01 >> [4] http://lists.w3.org/Archives/Public/ietf-http-wg/2009JulSep/0084.html _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
