On Tue, 29 Sep 2009 18:53:20 +0200, Adam Barth <[email protected]> wrote:
The origin-list production should use SP and not 1*WSP. I'd like to
keep the format as simple as possible.
Fixed.
It is now 1*SP. Since the requirement on user agents is a single space I
think just SP would be better.
I also think the draft should make a requirement for one of the two
options regarding redirects and not leave it open.
I haven't changed this because the draft always lets the client send
the value "null". This is a fail-safe so that the client can always
proceed even if it forgets what the origin ought to be. Here you
should imagine some code close to the wire that adds an "Origin: null"
header if the request somehow got there without an Origin header.
Ok.
Is the idea that CORS will reference this draft in the end? Currently I
have registered the Origin header with IANA.
I'd be more than happy if CORS referenced this draft. Let me know if
there's anything I can do to make this easier for you.
It would be nice if there was a production item for 'OWS [ "null" /
origin-list ] OWS' so that I can use that for Access-Control-Allow-Origin.
I.e. origin-value or some such.
--
Anne van Kesteren
http://annevankesteren.nl/
