W3C home > Mailing lists > Public > public-appformats@w3.org > February 2008

Should Access-Control-Origin match postMessage port behavior?

From: Collin Jackson <collinj@cs.stanford.edu>
Date: Fri, 22 Feb 2008 23:44:45 -0800
Message-ID: <986207e70802222344i2788b070t4d372f7b5cd2091c@mail.gmail.com>
To: public-appformats@w3.org, "Anne van Kesteren" <annevk@opera.com>, "Adam Barth" <abarth@cs.stanford.edu> 

The Access-Control-Origin header includes the port of the origin of
the request, even if the port is the default for the origin's scheme:

http://www.w3.org/TR/access-control/#access-control-origin

The HTML 5 specification for postMessage does not include the port in
the MessageEvent's origin field if the port is the default for the
origin's scheme.

http://www.whatwg.org/specs/web-apps/current-work/#origin

Would it make sense to change Access-Control-Origin to match postMessage?
Received on Saturday, 23 February 2008 07:44:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 23 February 2008 07:44:58 GMT