W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2009

Request for Comments: XMLHttpRequest Last Call Working Draft; deadline 15 December 2009

From: Arthur Barstow <art.barstow@nokia.com>
Date: Wed, 25 Nov 2009 13:25:02 -0500
Message-Id: <2AB60DE9-C957-4BB5-8284-ADDAFD97C4E8@nokia.com>
To: Mark Nottingham <mnot@yahoo-inc.com>, ietf-http-wg@w3.org
Mark, All,

As Thomas notes below, the WebApps WG seeks comment on the LCWD of  
the XHR spec:

  http://www.w3.org/TR/2009/WD-XMLHttpRequest-20091119/

If you have any comments, please send them to public-webapps@w3.org ;  
comment deadline is 15 December 2009.

-Art Barstow

Begin forwarded message:

> From: ext Thomas Roessler <tlr@w3.org>
> Date: November 25, 2009 12:46:15 PM EST
> Subject: Re: HTTPbis and the Same Origin Policy
> Archived-At: <http://www.w3.org/mid/ 
> FB4986B0-957C-47AC-95B1-4737ADD5A6C4@w3.org>
>
> Much of this material is in fact part of the HTML5 and  
> XMLHttpRequest specifications.
>
> The XMLHttpRequest specification is in Last Call as of 19 November  
> (with 16 December deadline), and it includes a specification of the  
> same origin policy for XMLhttpRequest -- see step 13 of the open()  
> method [1].
>
> http://www.w3.org/TR/XMLHttpRequest/#the-open-method
>
> I'll note that that specification lacks any security considerations  
> at this point, and that calling out the same origin policy more  
> prominently (and talking about DNS rebinding) sound like they would  
> be fine and timely additions to that spec.
>
> Additionally, I suspect that in-depth review from the HTTP Working  
> Group would be an extremely valuable for this spec.
Received on Wednesday, 25 November 2009 18:25:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:13 GMT