Date: Fri, 13 Jun 2008 15:56:21 -0700
To: Ian Hickson <ian@hixie.ch>
Cc: "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <OF5F84C7E8.4497EDD2-ON88257467.007CF656-88257467.007E023F@us.ibm.com>
I took a look back to see what AC looked like back in Feb. 2007: * http://www.w3.org/TR/2007/WD-access-control-20070215/ and the spec was very short and says "The policy described is only safe for HEAD and GET requests. " Things have changed quite a bit since then. It probably does makes sense to split off AC for XHR from AC for XBL and VXML. Jon Ian Hickson <ian@hixie.ch> Sent by: To public-webapps-re Thomas Roessler <tlr@w3.org> quest@w3.org cc Jonas Sicking <jonas@sicking.cc>, "WAF WG (public)" 06/13/08 01:56 PM <public-appformats@w3.org>, public-webapps@w3.org Subject Re: [AC] Helping server admins not making mistakes On Fri, 13 Jun 2008, Thomas Roessler wrote: > > The second requirement above rules out the processing instruction. > Let's get rid of it. Do we really think authors of XBL2 and VoiceXML are going to be able to set headers on their sites? That seems like a much higher barrier to entry than we should have. Maybe we should separate Access-Control for XHR from Access-Control for XBL and VXML? -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
(image/gif attachment: graycol.gif)
(image/gif attachment: pic11037.gif)
(image/gif attachment: ecblank.gif)