
Re: (XMLHttpRequest 2) Third proposal for cross-site extensions to XMLHttpRequest

From: Mark Nottingham <mnot@yahoo-inc.com>
Date: Thu, 6 Sep 2007 22:01:58 +1000
Message-Id: <41C4E99B-E360-4653-A5C7-57137DD379C7@yahoo-inc.com>
Cc: "HTTP Working Group" <ietf-http-wg@w3.org>
To: Anne van Kesteren <annevk@opera.com>

Ah, thanks; I missed that.

See also:
<http://wiki.mozilla.org/Cross_Site_XMLHttpRequest>


On 2007/09/06, at 8:34 PM, Anne van Kesteren wrote:

> On Thu, 06 Sep 2007 06:15:08 +0200, Mark Nottingham <mnot@yahoo-inc.com> wrote:
>> AFAICT this hasn't been discussed here.
>>
>> In a nutshell, the purpose is to allow browsers to send scripted
>> requests (e.g., JavaScript XmlHttpRequest) to sites other than
>> that which generated the content it resides in; i.e., a "cross-site"
>> request.
>>
>> Note the definition of new headers, as well as the "security  
>> check" request preceding non-GET/POST methods (recent discussion  
>> indicates this may be pared down to just GET).
>>
>> See also <http://www.w3.org/TR/access-control/>.
>
> The proposal from Ian Hickson has been incorporated in a draft for
> XMLHttpRequest level 2. It probably makes more sense to review that:
>
>   http://dev.w3.org/2006/webapi/XMLHttpRequest-2/Overview.html
>   http://dev.w3.org/2006/waf/access-control/Overview.html
>
>
> -- 
> Anne van Kesteren
> <http://annevankesteren.nl/>
> <http://www.opera.com/>

--
Mark Nottingham       mnot@yahoo-inc.com
Received on Thursday, 6 September 2007 12:03:45 GMT
