
Re: HTTPbis and the Same Origin Policy

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 2 Dec 2009 22:01:47 -0800
Message-ID: <7789133a0912022201j49c86e71g635ee3e9c0dcffd7@mail.gmail.com>
To: Tyler Close <tyler.close@gmail.com>
Cc: Martin J. Dürst <duerst@it.aoyama.ac.jp>, Julian Reschke <julian.reschke@gmx.de>, public-web-security@w3.org

On Wed, Dec 2, 2009 at 11:36 AM, Tyler Close <tyler.close@gmail.com> wrote:
> This same reasoning applies to the "stylebot" example in Adam Barth's
> message. The "stylebot" can be implemented without violating SOP
> restrictions.

Can you explain this in more detail?  The stylebot reads a "program"
from one origin and gives that program read/write access to another
origin.  Sounds like a violation of the SOP to me.  Of course, for my
application, it's perfectly fine because these "programs" are written
by members of the WebKit community and both servers belong to the
WebKit community.

Adam
Received on Thursday, 3 December 2009 06:02:48 GMT
