Re: Accountability in AC4CSR

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 12 Feb 2008 07:13:46 +0000 (UTC)
To: John Panzer <jpanzer@acm.org>
Cc: "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <Pine.LNX.4.62.0802120709570.20115@hixie.dreamhostps.com>

On Mon, 11 Feb 2008, John Panzer wrote:
> 
> My point here is just that there are existing mechanisms that are 
> already deployed in the field to deal with these attacks.  And to plead, 
> as a side note, not to block the use of such mechanisms for AC4CSR...

I'm not sure we could block them if we tried. :-)

(Though they might need to use different headers, of course -- we 
obviously can't allow scripts doing cross-origin requests to arbitrarily 
change HTTP authentication headers.)

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 12 February 2008 07:13:59 GMT