Rewriting of HTTPS URIs implies that the origin of web applications is changed. This is likely to break a number of things: - access to cookies - web applications that rely on the same origin policy - access to any functionality that keys off the origin The breakage will come in several flavors: - the application's actual origin will be distinct from the one expected by code within the application - origins that are expected to be distinct may be mapped to the same string - the application's origin when ran through a content transformation proxy will be distinct from the origin when ran without the proxy, breaking persistent stores on the client-side. At the very least, the specification should discuss the implications HTTPS link rewriting. -- Thomas Roessler, W3C <tlr@w3.org>Received on Wednesday, 22 October 2008 10:28:00 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 15 June 2012 12:13:33 GMT