7599 2009-09-13 11:24:20 +0000 Either drop the two places that set the "Origin" HTTP header, or update HTML5 to match the Sec-From/Origin I-D (if the latter is stable enough yet). 2010-10-04 14:55:14 +0000 1 1 1 Unclassified HTML WG pre-LC1 HTML5 spec (editor: Ian Hickson) unspecified All All VERIFIED FIXED http://www.whatwg.org/specs/web-apps/current-work/#navigate-fragid-step NE, NoReply P3 normal LC 1 contributor ian julian.reschke mike public-html-admin public-html-wg-issue-tracking w3c public-html-bugzilla oldest_to_newest 27118 0 contributor 2009-09-13 11:24:20 +0000 Section: http://www.whatwg.org/specs/web-apps/current-work/#navigate-fragid-step Comment: Either drop the two places that set the "Origin" HTTP header, or update HTML5 to match the Sec-From/Origin I-D (if the latter is stable enough yet). Posted from: 98.248.33.53 27478 1 w3c 2009-09-22 05:53:59 +0000 It would be helpful to rename Origin to Sec-From and to incorporate the list of privacy-sensitive contexts from this page: https://wiki.mozilla.org/Security/Sec-From 27655 2 w3c 2009-09-24 23:31:38 +0000 We've harmonized the Origin header with CORS. There is no need to renamed the header anymore, but it would be useful to list the privacy-sensitive contexts as described in Comment #1. 27739 3 contributor 2009-09-28 23:43:37 +0000 Checked in as WHATWG revision r4011. Check-in comment: Synchronise with the latest Origin spec rules and semantics. http://html5.org/tools/web-apps-tracker?from=4010&to=4011 33438 4 mjs 2010-03-14 14:51:07 +0000 This bug predates the HTML Working Group Decision Policy. If you are satisfied with the resolution of this bug, please change the state of this bug to CLOSED. If you have additional information and would like the editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the tracker issue; or you may create a tracker issue yourself, if you are able to do so. For more details, see this document: http://dev.w3.org/html5/decision-policy/decision-policy.html This bug is now being moved to VERIFIED. Please respond within two weeks. If this bug is not closed, reopened or escalated within two weeks, it may be marked as NoReply and will no longer be considered a pending comment.