{"draft":"draft-ietf-websec-origin-06","doc_id":"RFC6454","title":"The Web Origin Concept","authors":["A. Barth"],"format":["ASCII","HTML"],"page_count":"20","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Web Security","abstract":"This document defines the concept of an \"origin\", which is often used as the scope of authority or privilege by user agents. Typically, user agents isolate content retrieved from different origins to prevent malicious web site operators from interfering with the operation of benign web sites. In addition to outlining the principles that underlie the concept of origin, this document details how to determine the origin of a URI and how to serialize an origin into a string. It also defines an HTTP header field, named \"Origin\", that indicates which origins are associated with an HTTP request. [STANDARDS-TRACK]","pub_date":"December 2011","keywords":["same-origin","policy","security","cross-origin"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC6454","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc6454"}