W3C home > Mailing lists > Public > public-appformats@w3.org > December 2007

Re: Comments on: Access Control for Cross-site Requests

From: Thomas Roessler <tlr@w3.org>
Date: Fri, 21 Dec 2007 11:43:10 +0100
To: "Close, Tyler J." <tyler.close@hp.com>
Cc: Ian Hickson <ian@hixie.ch>, "public-appformats@w3.org" <public-appformats@w3.org>
Message-ID: <20071221104310.GZ331@iCoaster.does-not-exist.org>

On 2007-12-20 01:59:12 +0000, Close, Tyler J. wrote:

> A simple proposal would be to send an OPTIONS request to "*"
> asking the server if it understands your new Referer-Root header.

With this proposal, the server would have to trust that the client
puts in the right Referrer-Root header.  It wouldn't have to trust
the client with its policies.

-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Friday, 21 December 2007 20:24:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:24 GMT