W3C home > Mailing lists > Public > public-appformats@w3.org > September 2007

Re: Heads-up: Some buzz about access-control

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 03 Sep 2007 17:14:18 +0200
To: "Jonas Sicking" <jonas@sicking.cc>, public-appformats@w3.org
Message-ID: <op.tx2294im64w2qv@annevk-t60.oslo.opera.com>

On Sat, 01 Sep 2007 01:59:32 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> Thomas Roessler wrote:
>> Apparently, the Mozilla folks have announced support for the
>> access-control spec, and caused some buzz about it.
>>  I've dropped some pointers to this WG's public comment address.
>
> I tried to reply on the blog the forwarded message links to, but it  
> seems to have comments disabled at this point.
>
> Unfortunately the guy doesn't seem to neither have read the relevant  
> specs, nor done even the most basic testing. None of the attacks he  
> describe work, or rely on bugs in the server that would already allow  
> XSS attacks.
>
> The latest Firefox3 alpha does have access-control support for XHR,  
> though using a now outdated spec. I plan on updating to the latest spec  
> soon.

Cool! The most notable thing I noticed was that it implements the  
Content-Access-Control header as opposed to Access-Control, but I haven't  
played much with the implementation so far...


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Monday, 3 September 2007 15:14:39 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:50:07 UTC