- From: Larry Masinter <LMM@acm.org>
- Date: Thu, 22 Jan 2009 09:33:13 -0800
- To: "'Mark Nottingham'" <mnot@mnot.net>
- Cc: <ietf-http-wg@w3.org>, "'Lisa Dusseault'" <ldusseault@commerce.net>
The document http://tools.ietf.org/html/draft-abarth-origin proposes a new HTTP header and rules for its use as a way of addressing Cross-Site Request Forgery (CSRF) attacks. This was part of the HTML5 work in WhatWG and W3C HTML working group. Is there's a better venue for discussion of this draft than ietf-http-wg@w3.org? Larry -- http://larry.masinter.net
Received on Thursday, 22 January 2009 17:33:52 UTC