…d from one origin can cause interaction with resources from another origin. See RFC6454 for an overview of the concept of an "origin". Application of a SOP in RRDP client/server communication isolates resources such as Delta and Snapshot files from different Repository Servers, r…
…quest over secure HTTP to the path "/.well-known/host-meta" at an HTTP origin [ RFC6454 ] that matches the XMPP service domain (e.g., a URL of "https://im.example.org/.well-known/host-meta" if the XMPP service domain is "im.example.org"). Stout, et al. Standards Track [Page 10] R…
…ent to the ASCII serialization of a Web origin, as presented in Section 6.2 of [RFC6454] o Single-host type: The "host" part of the requested URI. This is the default value. Authentication realms within this kind of authentication scope will span several protocols (e.g., HTTP and…
…n from a URI, and the "the same" matching algorithm for origins are defined in [RFC6454]. "Safe" HTTP methods include "GET", "HEAD", "OPTIONS", and "TRACE", as defined in Section 4.2.1 of [RFC7231]. A domain's "public suffix" is the portion of a domain that is controlled by a pub…
… applications on the Web require the discovery of information about an origin [ RFC6454 ] (sometimes called "site-wide metadata") before making a request. For example, the Robots Exclusion Protocol ) specifies a way for automated processes to obtain permission to access resources…
…L and related Web protocols, beyond the scope of this document, as described in RFC6454 4.3.2. http Origins Although HTTP is independent of the transport protocol, the "http" scheme Section 4.2.1 ) is specific to associating authority with whomever controls the origin server list…
…ess to the resource. For "https" URIs, the "service" corresponds to an "origin" RFC6454 The "service name" is the host portion of the authority. The "authority endpoint" is the authority's hostname and a port number implied by the scheme or specified in the URI. An "alternative e…
…. If the WebTransport session is coming from a browser client, an Origin header RFC6454 MUST be provided within the request. Otherwise, the header is OPTIONAL. Upon receiving an extended CONNECT request with a :protocol field set to webtransport-h3 , the HTTP/3 server can check i…
… and related Web protocols, beyond the scope of this document, as described in [RFC6454] 4.3.2. http Origins Although HTTP is independent of the transport protocol, the "http" scheme ( Section 4.2.1 ) is specific to associating authority with whomever controls the origin server l…
…L and related Web protocols, beyond the scope of this document, as described in RFC6454 4.3.2. http Origins Although HTTP is independent of the transport protocol, the "http" scheme Section 4.2.1 ) is specific to associating authority with whomever controls the origin server list…
…equest over secure HTTP to the path "/.well-known/host-meta" at an HTTP origin [RFC6454] that matches the XMPP service domain (e.g., a URL of "https://im.example.org/.well-known/host-meta" if the XMPP service domain is "im.example.org"). Stout, et al. Standards Track [Page 10] RF…
… the client creates a new public-private key pair for each host ("web origin" [ RFC6454 ]) to which it authenticates. These keys are used in HOBA for HTTP clients to authenticate themselves to servers in the HTTP protocol or in a JavaScript authentication program. HOBA session ma…
…L and related Web protocols, beyond the scope of this document, as described in RFC6454 4.3.2. http Origins Although HTTP is independent of the transport protocol, the "http" scheme Section 4.2.1 ) is specific to associating authority with whomever controls the origin server list…
…ess to the resource. For "https" URIs, the "service" corresponds to an "origin" RFC6454 The "service name" is the host portion of the authority. The "authority endpoint" is the authority's hostname and a port number implied by the scheme or specified in the URI. An "alternative e…
… to another origin’s data (the policy is more formally defined in Section 3 of [RFC6454] ). A corollary to this policy is that an origin should not have direct access to data that isn’t associated with any origin: the contents of a user’s hard drive, for instance. Various kinds o…