Closed kumarrishav closed 1 year ago
Is it the presence of Origin-Trial:
in the response header that tells the owner of the domain or subdomain is the same person who created the token?
Yes, precisely - if you are able to add a header to the server, that means you are in theory authorized. It's not possible to opt in another origin into an origin trial. Does that answer your question?
Going to close due to lack of activity.
Describe the issue A clear and concise description of what the issue is.
For ex:
Which account should be used while registering for the User-Agent Reduction deprecation trial? How does it validate that the user who is doing the registration actually owns the domain or subdomain because it's the server/domain owner that infected the token?
Use case: Let's say I own the domain https://www.foo.com and I want that all users of https://www.foo.com should give full UA.
Is it the presence of
Origin-Trial: <ORIGIN TRIAL TOKEN>
in the response header that tells the owner of the domain or subdomain is the same person who created the token?Environment:
To Reproduce Steps to reproduce the behavior:
Expected behavior A clear and concise description of what you expected to happen.
Screenshots If applicable, add screenshots to help explain your problem.
Additional context Add any other context about the problem here.