W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2007

Re: Fwd: (XMLHttpRequest 2) Third proposal for cross-site extensions to XMLHttpRequest

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 06 Sep 2007 12:34:17 +0200
To: "Mark Nottingham" <mnot@yahoo-inc.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
Message-ID: <op.tx8abfo264w2qv@annevk-t60.oslo.opera.com>

On Thu, 06 Sep 2007 06:15:08 +0200, Mark Nottingham <mnot@yahoo-inc.com>  
wrote:
> AFAICT this hasn't been discussed here.
>
> In a nutshell, the purpose is to allow browsers to send scripted  
> requests (e.g., JavaScript XmlHttpRequest) to sites other than that  
> which generated the content it resides in; i.e., a "cross-site" request.
>
> Note the definition of new headers, as well as the "security check"  
> request preceding non-GET/POST methods (recent discussion indicates this  
> may be pared down to just GET).
>
> See also <http://www.w3.org/TR/access-control/>.

The proposal from Ian Hickson has been incorperated in a draft for  
XMLHttpRequest level 2. It probably makes more sense to review that:

   http://dev.w3.org/2006/webapi/XMLHttpRequest-2/Overview.html
   http://dev.w3.org/2006/waf/access-control/Overview.html


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Thursday, 6 September 2007 10:34:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:15 GMT