[cap-talk] Fwd: [cors] TAG request concerning CORS &Next Step(s)
Adam Barth
cap-talk at adambarth.com
Sat Jul 4 00:48:15 EDT 2009
On Fri, Jul 3, 2009 at 8:57 PM, Karp, Alan H<alan.karp at hp.com> wrote:
> It seems to me that the reason for the disconnect is that Adam's example doesn't capture the motivation for Origin header proposal. Is this right?
The Origin header is used by two draft specifications. To understand
the discussion, it's important to know which draft we're discussing.
At the moment, we're talking about CORS. CORS is all about the Acme
Finace example (i.e., cross-origin resource sharing) and not about the
bank.com example (i.e., cross-site request forgery).
Adam
More information about the cap-talk
mailing list