
Re: Change JSONRequest Domain header to Origin header

  • Collin Jackson
    Message 1 of 1 , May 24, 2008
      On Sat, May 24, 2008 at 2:46 PM, Douglas Crockford
      <douglas@...> wrote:
      > On Sat, May 24, 2008 at 2:37 PM, Collin Jackson <collin@...> wrote:
      > > Can we change the name of JSONRequest's Domain header to also be
      > > Origin and have its behavior match XHR2 and postMessage? This will
      > > allow servers to enforce security policies based on scheme and port
      > > [2].
      >
      > > Yes. Send me the formal text and I will update the doc.

      Here is a version that doesn't reference any specs. Alternatively, you
      could reference either the HTML 5 specification
      <http://www.whatwg.org/specs/web-apps/current-work/multipage/section-origin.html>
      or the Access-Control specification
      <http://www.w3.org/TR/access-control/#access-control-origin>.

      <h3><code>Origin</code></h3>

      The <code>Origin</code> is the serialization of the security origin of
      the page from which the request is issued. It can be used by the
      server when deciding to allow the request. It is the scheme followed
      by <code>://</code>, followed by the original
      <code>document.domain</code> without any trailing U+002E (.), if any,
      where each part of the domain has had the IDNA ToASCII algorithm
      applied. Then, if port is not the default port for the scheme, follow
      it by <code>:</code> and the port. If the source of the request does
      not have a host-based authority, the access control origin is the
      literal string "null" (without the quotation marks).
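
The serialization rules in the proposed text above, and the scheme-and-port check they make possible on the server, as an added example that is not part of the original message or of the JSONRequest document. The names `serializeOrigin`, `isAllowedOrigin` and `ALLOWED`, the sample URLs, and the use of the page URL's host in place of the original `document.domain` are assumptions made for illustration.

```javascript
// Added example. Default ports for the schemes this sketch knows (assumption).
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Hypothetical helper: serialize the origin of the page issuing the request.
function serializeOrigin(pageUrl) {
  let u;
  try {
    u = new URL(pageUrl);
  } catch {
    return 'null'; // unparseable source: treat as having no host
  }
  // No host-based authority (file:, data:, about:blank) -> literal "null".
  if (!u.hostname) return 'null';
  // The URL parser has already applied IDNA ToASCII to each label;
  // what remains is to drop a single trailing U+002E (.).
  const host = u.hostname.replace(/\.$/, '');
  // Append the port only when it is not the default for the scheme.
  const explicit = u.port !== '' && u.port !== DEFAULT_PORTS[u.protocol];
  return u.protocol + '//' + host + (explicit ? ':' + u.port : '');
}

// Constructed allowlist: one exact origin, so scheme and port both count.
const ALLOWED = new Set(['https://shop.example']);

// Hypothetical server-side check on the received Origin header value.
function isAllowedOrigin(originHeader, allowlist) {
  // "null" is shared by every source without a host, so it identifies
  // no particular site and is never accepted here.
  if (originHeader === 'null') return false;
  // Exact string comparison: no suffix or substring matching on the host.
  return allowlist.has(originHeader);
}

// Constructed inputs showing each rule of the serialization.
for (const page of [
  'http://bücher.example:80/index.html', // IDNA ToASCII, default port dropped
  'https://example.com.:8443/a',         // trailing dot dropped, port kept
  'file:///tmp/page.html',               // no host -> "null"
]) {
  console.log(page, '->', serializeOrigin(page));
}
```

A header that carries only the domain cannot distinguish `http://shop.example` from `https://shop.example`; with the serialized origin, the exact-match check rejects the plain-HTTP and alternate-port variants.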