Re: HTTPbis and the Same Origin Policy

On Mon, Nov 30, 2009 at 11:25 AM, Tyler Close <tyler.close@gmail.com> wrote:
> The response to a GET request must not be made accessible to content
> from another origin, unless the target resource has explicitly
> indicated otherwise. The HTML <script> tag is a notable violation of
> this restriction for content matching a particular syntax. Otherwise,
> this rule seems widely enforced.

Other exceptions I'm aware of:

* size of images fetched using img tags.
* port scanning by differential error behavior

What other exceptions remain?


-- 
    Cheers,
    --MarkM

Received on Monday, 30 November 2009 19:51:41 UTC