Re: HTTPbis and the Same Origin Policy

From: =JeffH <Jeff.Hodges@KingsMountain.com>
Date: Mon, 30 Nov 2009 19:52:23 -0800
Message-ID: <4B1492F7.90900@KingsMountain.com>
To: HTTP Working Group <ietf-http-wg@w3.org>

I also had noticed of late that the "Same Origin Policy" is essentially 
undocumented, and is communicated by oral and in-the-code tradition (as Tyler 
notes) -- so I'm happy to see Tyler bring it up.

I agree with the sentiment that it isn't something that is appropriate to 
document in the main-line httpbis I-Ds, although I nominally believe it 
deserves mention in draft-ietf-httpbis-security-properties (which I & Barry 
Leiba are ostensibly editing (new draft will be out before Anaheim)).

It appears to me that the "Browser Security Handbook" 
<http://code.google.com/p/browsersec/> is an appropriate place at this time to 
coalesce details wrt Same Origin Policies of various APIs, and that in fact is 
what Michal is apparently doing. See:

Standard browser security features / Same-origin policy
http://code.google.com/p/browsersec/wiki/Part2#Standard_browser_security_features


=JeffH
Received on Tuesday, 1 December 2009 03:59:33 GMT