16434 2012-03-19 15:36:03 +0000 Clarify that "global unique identifier" is an alias for "null" (for all CORS-purposes) 2012-03-22 11:04:57 +0000 1 1 1 Unclassified WebAppsSec CORS unspecified All All RESOLVED FIXED P2 normal --- 1 odinho annevk ian mike public-webappsec w3c dave.null oldest_to_newest 65741 0 odinho 2012-03-19 15:36:03 +0000 In the redirect steps: http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#redirect-steps > 6. If the request URL origin is not same origin with the original URL origin, > set source origin to a globally unique identifier. It could instead say: > 6. If the request URL origin is not same origin with the original URL origin, > set source origin to a globally unique identifier (which would serialize > to 'null'). Just written better and nicer ;-) Although it'd be cool to just do s/a globally unique identifier/the string 'null'/g but that might be a bit too radical ;-) 65746 1 annevk 2012-03-19 15:58:39 +0000 Opinions Hixie or Adam? 65799 2 w3c 2012-03-20 04:57:11 +0000 The first change sounds fine. I'd have to look in detail, but the second change (the one written with s/../../g) might introduce a functional bug. For example, two unique origins are never the same, but the string 'null' is the same as another string 'null'. 65945 3 annevk 2012-03-22 11:04:57 +0000 Fixed: http://dvcs.w3.org/hg/cors/rev/e6a54cc83fc2