Re: HTTPbis and the Same Origin Policy

From: Maciej Stachowiak <mjs@apple.com>
Date: Mon, 30 Nov 2009 18:41:11 -0800
Cc: Tyler Close <tyler.close@gmail.com>, Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
Message-id: <1F2C1D2F-1AFD-47C2-90D7-937097E65A14@apple.com>
To: Adam Barth <w3c@adambarth.com>

On Nov 30, 2009, at 5:23 PM, Adam Barth wrote:

> 1) The same-origin policy applies regardless of which protocols are
> used (e.g., FTP, Gopher, HTTP).
> 2) The same-origin policy applies differently to different
> application-layer APIs (e.g., XMLHttpRequest, <canvas>, @font-face).

3) The same-origin policy is originally and primarily about scripting,  
not networking. It has only lately and incidentally come to encompass  
networking as well, largely to prevent working around the restrictions  
on client-side scripting in the browser. It's impossible to explain  
the restrictions on networking without reference to the original  
scripting context.

Regards,
Maciej
Received on Tuesday, 1 December 2009 02:41:51 GMT
