Y
Hacker News
new
|
ask
|
show
|
jobs
by
littlestymaar
217 days ago
> User privacy is enhanced as the issuer does not learn which web application is making the request as the request is mediated by the browser.
How can you avoid revealing the application through the `Origin` header?
1 comments
gruez
217 days ago
The request is sent by the browser, not the webapp itself (ie. using xhr or fetch) so it doesn't have headers like "Origin" added.
link
littlestymaar
217 days ago
Ha! Thank you, I misunderstood who was behind this proposal but since it's W3C it's something that would directly be implemented by the browser itself.
link