Re: [websec] [Ietf-message-headers] HTTP 'Origin' permanent and provisional
Yoav Nir <ynir@checkpoint.com> Wed, 13 February 2013 20:12 UTC
Return-Path: <ynir@checkpoint.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DB8B21F86C4; Wed, 13 Feb 2013 12:12:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.549
X-Spam-Level:
X-Spam-Status: No, score=-10.549 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c7K2eiYEJop5; Wed, 13 Feb 2013 12:12:42 -0800 (PST)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id B48CC21F8688; Wed, 13 Feb 2013 12:12:41 -0800 (PST)
Received: from DAG-EX10.ad.checkpoint.com ([194.29.34.150]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id r1DKCMwp003033; Wed, 13 Feb 2013 22:12:26 +0200
X-CheckPoint: {511BEF83-1-1B221DC2-2FFFF}
Received: from IL-EX10.ad.checkpoint.com ([169.254.2.18]) by DAG-EX10.ad.checkpoint.com ([169.254.3.103]) with mapi id 14.02.0328.009; Wed, 13 Feb 2013 22:12:22 +0200
From: Yoav Nir <ynir@checkpoint.com>
To: SM <sm@resistor.net>
Thread-Topic: [websec] [Ietf-message-headers] HTTP 'Origin' permanent and provisional
Thread-Index: AQHOCiMpQA8EvxXllUyKA9V7P1HJZ5h4Fw6A
Date: Wed, 13 Feb 2013 20:12:22 +0000
Message-ID: <4613980CFC78314ABFD7F85CC3027721119A6FFE@IL-EX10.ad.checkpoint.com>
References: <iljnh8d2cisqlsqvai0662974a0ei71qsn@hive.bjoern.hoehrmann.de> <6.2.5.6.2.20130213113549.0afcce60@resistor.net>
In-Reply-To: <6.2.5.6.2.20130213113549.0afcce60@resistor.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.31.20.231]
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="us-ascii"
Content-ID: <321990BE4A858A4C92C5810FCB3AA21E@ad.checkpoint.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "<ietf-message-headers@ietf.org>" <ietf-message-headers@ietf.org>, Bjoern Hoehrmann <derhoermi@gmx.net>, "<websec@ietf.org>" <websec@ietf.org>
Subject: Re: [websec] [Ietf-message-headers] HTTP 'Origin' permanent and provisional
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Feb 2013 20:12:42 -0000
Hi SM The W3C one is from a very old document, the first draft of which dates back to 2005. Anne van Kesteren has been editing it since 2007. The Origin header was first mentioned in the draft from September 2008. There it is sully explained. In 2009 the name of the document was changed to "Cross-Origin Resource Sharing". Starting with the version from July 2010, that document references the WebSec draft, and later the RFC. I suppose the provisional header should be removed, but the now-defunct W3C group is no longer available to request this. I'll see what can be done. Yoav On Feb 13, 2013, at 9:44 PM, SM <sm@resistor.net> wrote: > Hi Bjoern, > > [Cc to Websec as it is their document] > > At 09:37 13-02-2013, Bjoern Hoehrmann wrote: >> http://www.iana.org/assignments/message-headers/prov-headers.html and >> http://www.iana.org/assignments/message-headers/perm-headers.html list >> the "Origin" header for HTTP, one per RFC 6454 and one from an earlier >> W3C registration. Is that as it should be? > > No. IANA did what it was requested to do. Anyway, in my opinion, it would have to be fixed (process stuff). > > Regards, > -sm > > > > > _______________________________________________ > websec mailing list > websec@ietf.org > https://www.ietf.org/mailman/listinfo/websec > > Email secured by Check Point
- Re: [websec] [Ietf-message-headers] HTTP 'Origin'… SM
- Re: [websec] [Ietf-message-headers] HTTP 'Origin'… Julian Reschke
- Re: [websec] [Ietf-message-headers] HTTP 'Origin'… Yoav Nir
- Re: [websec] [Ietf-message-headers] HTTP 'Origin'… Julian Reschke
- Re: [websec] [Ietf-message-headers] HTTP 'Origin'… Barry Leiba
- Re: [websec] [Ietf-message-headers] HTTP 'Origin'… SM
- Re: [websec] [Ietf-message-headers] HTTP 'Origin'… Yoav Nir
- Re: [websec] [Ietf-message-headers] HTTP 'Origin'… Julian Reschke
- Re: [websec] [Ietf-message-headers] HTTP 'Origin'… Mark Nottingham
- Re: [websec] [Ietf-message-headers] HTTP 'Origin'… Julian Reschke
- Re: [websec] [Ietf-message-headers] HTTP 'Origin'… Bjoern Hoehrmann
- Re: [websec] [Ietf-message-headers] HTTP 'Origin'… Graham Klyne
- Re: [websec] [Ietf-message-headers] HTTP 'Origin'… Bjoern Hoehrmann