W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2009

Re: HTTPbis and the Same Origin Policy

From: Thomas Roessler <tlr@w3.org>
Date: Wed, 25 Nov 2009 22:28:58 +0100
Cc: Thomas Roessler <tlr@w3.org>, Adam Barth <w3c@adambarth.com>, Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <3E6431DF-1BD3-47B7-A150-7145DC7BEAF5@w3.org>
To: Tyler Close <tyler.close@gmail.com>
On 25 Nov 2009, at 22:18, Tyler Close wrote:

> That I-D defines an identifier for an origin, but not the Same Origin
> Policy.

It also defines what the "equality" operator in the same-origin policy means.

> For example, what document says: a HTTP PUT request cannot be
> sent cross-origin.

XMLHttpRequest, for the purposes of HTTP PUT requests caused through that API.

No spec, for form submissions, since the policy doesn't hold for these.
Received on Wednesday, 25 November 2009 21:29:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:13 GMT