On Wed, 22 May 2013, Anne van Kesteren wrote: > > As Bj?rn points out in > http://www.ietf.org/mail-archive/web/websec/current/msg01512.html > defining origin of a URL in terms of STD66 is broken. So we should > define it in terms of the URL Standard. > > The Origin header also has problems, as it suggests you can have a > space-separated list, which we disallowed almost immediately after the > Origin RFC was published and the IETF group did not accept errata for. > > Now "Origin of a URL" can be defined in the URL Standard (not done yet). > I put an updated definition of the header here: > http://fetch.spec.whatwg.org/#http-origin-header > > Where should we put the definition of origin itself? Back in HTML? I > guess it still is mostly.
What exactly is it you want moved, from where to where? Just the "origin of a URL"? I'm guessing Adam would be interested in revving the Origin spec to be more accurate if there's a problem with it; that would be my preference if at all possible. See also Adam's response to the message you cite above: http://www.ietf.org/mail-archive/web/websec/current/msg01520.html -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'