W3C home > Mailing lists > Public > public-html@w3.org > September 2008

Re: Question about origin serialization

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Sun, 28 Sep 2008 22:48:31 -0400
Message-ID: <48E041FF.1090704@mit.edu>
To: Adam Barth <w3c@adambarth.com>
CC: HTML WG <public-html@w3.org>

Adam Barth wrote:
> What are the all the different string forms?  The two I'm aware of are:
> 
> 1) postMessage's origin property
> 2) XHR's Origin header

You're assuming no one else will make use of these serialization rules?

> Browser implementations won't be able to replace same-origin checks
> with comparing these strings because of document.domain

document.domain just comes down to modifying which origins you compare, 
for what it's worth.

-Boris
Received on Monday, 29 September 2008 02:51:49 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:23 GMT