W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2009

Re: HTTPbis and the Same Origin Policy

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 25 Nov 2009 13:56:23 -0800
Message-ID: <7789133a0911251356p4a9290ewa577605cc7abce93@mail.gmail.com>
To: Tyler Close <tyler.close@gmail.com>
Cc: Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
On Wed, Nov 25, 2009 at 1:54 PM, Adam Barth <w3c@adambarth.com> wrote:
> I think you're confusing two things:
>
> 1) What is an origin?
> 2) What restrictions ought we to place on cross-origin interactions?

I should also note that the answer to question (2) has very little to
do with HTTP.  For example, the restrictions on interacting with
cross-origin images in an HTML Canvas apply just as well when the HTML
document is retrieved over FTP and the image is retrieved over Gopher.

Adam
Received on Wednesday, 25 November 2009 21:57:22 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:13 GMT