- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 22 Oct 2008 12:15:47 +0200
- To: public-bpwg-comments@w3.org
Rewriting of HTTPS URIs implies that the origin of web applications is changed. This is likely to break a number of things: - access to cookies - web applications that rely on the same origin policy - access to any functionality that keys off the origin The breakage will come in several flavors: - the application's actual origin will be distinct from the one expected by code within the application - origins that are expected to be distinct may be mapped to the same string - the application's origin when ran through a content transformation proxy will be distinct from the origin when ran without the proxy, breaking persistent stores on the client-side. At the very least, the specification should discuss the implications HTTPS link rewriting. -- Thomas Roessler, W3C <tlr@w3.org>
Received on Wednesday, 22 October 2008 10:28:00 UTC