On Thu, 06 Sep 2007 06:15:08 +0200, Mark Nottingham <mnot@yahoo-inc.com> wrote: > AFAICT this hasn't been discussed here. > > In a nutshell, the purpose is to allow browsers to send scripted > requests (e.g., JavaScript XmlHttpRequest) to sites other than that > which generated the content it resides in; i.e., a "cross-site" request. > > Note the definition of new headers, as well as the "security check" > request preceding non-GET/POST methods (recent discussion indicates this > may be pared down to just GET). > > See also <http://www.w3.org/TR/access-control/>. The proposal from Ian Hickson has been incorperated in a draft for XMLHttpRequest level 2. It probably makes more sense to review that: http://dev.w3.org/2006/webapi/XMLHttpRequest-2/Overview.html http://dev.w3.org/2006/waf/access-control/Overview.html -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>Received on Thursday, 6 September 2007 10:34:33 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 6 June 2008 08:04:33 GMT