Opened 11 years ago
Closed 10 years ago
#322 closed design (wontfix)
Origin
Reported by: | mnot@… | Owned by: | julian.reschke@… |
---|---|---|---|
Priority: | normal | Milestone: | unassigned |
Component: | non-specific | Severity: | Active WG Document |
Keywords: | Cc: |
Description
The WEBSEC WG has published the Origin draft; there may be a few places we could/should consider referencing its terminology (to help reduce impedance mismatch in different parts of the Web arch).
Change History (8)
comment:1 Changed 11 years ago by mnot@…
- Owner set to mnot@…
comment:2 Changed 11 years ago by mnot@…
comment:3 Changed 11 years ago by mnot@…
Proposal for p7 2.2:
"""A protection space is defined by the origin [ref to origin rfc], combined with the realm value (if present)."""
Proposal for p6 2.5:
"""However, a cache MUST NOT invalidate a URI from a Location or Content-Location header field if that URI does not have the same origin as that of the effective request URI (section 4.3 of [Part1]), as specified in [ref to origin rfc]."""
comment:4 Changed 11 years ago by julian.reschke@…
- Owner changed from mnot@… to julian.reschke@…
- Status changed from new to assigned
comment:5 Changed 10 years ago by dan.winship@…
maybe also p1 2.7.2:
Resources made available via the "https" scheme have no shared identity with the "http" scheme even if their resource identifiers indicate the same authority (the same host listening to the same TCP port). They are distinct name spaces and are considered to be distinct origin servers.
comment:6 Changed 10 years ago by mnot@…
- Milestone changed from unassigned to 19
comment:7 Changed 10 years ago by julian.reschke@…
- Milestone changed from 19 to unassigned
comment:8 Changed 10 years ago by mnot@…
- Resolution set to wontfix
- Status changed from assigned to closed
Discussed in Paris; Origin is specific to a browser's view of the world, and the utility of referring to it is doubtful. Suggestion was to close with no action; confirmed on list.
Candidates: