On Mon, 24 May 2010, Bil Corry wrote: > Adam Barth wrote on 7/16/2009 10:38 AM: > > On Thu, Jul 16, 2009 at 8:47 AM, Bil Corry<b...@corry.biz> wrote: > >> I think you mean everything will NOT be privacy-sensitive except non-XHR > >> GETs. > > > > I don't think we've quite settled on exactly what will be privacy > > sensitive. It's most likely that POSTs and XHR will not be and that > > hyperlinks and image loads will be. The goal is to harmonize with the > > Mozilla proposal. > > I haven't been following the progress of this, has "privacy-sensitive" been > defined in HTML5 yet?
Yes. > The only reference I could find was in "2.6 Fetching Resources": > > ---8<--- > For the purposes of the Origin header, if the fetching algorithm was > explicitly initiated from an origin, then the origin that initiated the HTTP > request is origin. Otherwise, this is a request from a "privacy-sensitive" > context. [ORIGIN] > > (from: > http://www.whatwg.org/specs/web-apps/current-work/multipage/urls.html#fetching-resources) > --->8--- That is the definition. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'