W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2007

Re: Fwd: (XMLHttpRequest 2) Third proposal for cross-site extensions to XMLHttpRequest

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 06 Sep 2007 12:34:17 +0200
To: "Mark Nottingham" <mnot@yahoo-inc.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
Message-ID: <op.tx8abfo264w2qv@annevk-t60.oslo.opera.com>

On Thu, 06 Sep 2007 06:15:08 +0200, Mark Nottingham <mnot@yahoo-inc.com>  
> AFAICT this hasn't been discussed here.
> In a nutshell, the purpose is to allow browsers to send scripted  
> requests (e.g., JavaScript XmlHttpRequest) to sites other than that  
> which generated the content it resides in; i.e., a "cross-site" request.
> Note the definition of new headers, as well as the "security check"  
> request preceding non-GET/POST methods (recent discussion indicates this  
> may be pared down to just GET).
> See also <http://www.w3.org/TR/access-control/>.

The proposal from Ian Hickson has been incorperated in a draft for  
XMLHttpRequest level 2. It probably makes more sense to review that:


Anne van Kesteren
Received on Thursday, 6 September 2007 10:34:33 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:43 UTC