Bug 16434 - Clarify that "global unique identifier" is an alias for "null" (for all CORS-purposes)
Clarify that "global unique identifier" is an alias for "null" (for all CORS-...
Status: RESOLVED FIXED
Product: WebAppsSec
Classification: Unclassified
Component: CORS
unspecified
All All
: P2 normal
: ---
Assigned To: Anne
This bug has no owner yet - up for the taking
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-19 15:36 UTC by Odin Hørthe Omdal
Modified: 2012-03-22 11:04 UTC (History)
4 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Odin Hørthe Omdal 2012-03-19 15:36:03 UTC
In the redirect steps:

http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#redirect-steps

> 6. If the request URL origin is not same origin with the original URL origin,
>    set source origin to a globally unique identifier.

It could instead say:

> 6. If the request URL origin is not same origin with the original URL origin,
>    set source origin to a globally unique identifier (which would serialize
>    to 'null').

Just written better and nicer ;-)


Although it'd be cool to just do

    s/a globally unique identifier/the string 'null'/g

but that might be a bit too radical ;-)
Comment 1 Anne 2012-03-19 15:58:39 UTC
Opinions Hixie or Adam?
Comment 2 Adam Barth 2012-03-20 04:57:11 UTC
The first change sounds fine.  I'd have to look in detail, but the second change (the one written with s/../../g) might introduce a functional bug.  For example, two unique origins are never the same, but the string 'null' is the same as another string 'null'.
Comment 3 Anne 2012-03-22 11:04:57 UTC
Fixed: http://dvcs.w3.org/hg/cors/rev/e6a54cc83fc2