- From: Jim Ley <jim@jibbering.com>
- Date: Sun, 9 Apr 2006 14:27:10 +0100
- To: <public-webapi@w3.org>
"Jonas Sicking" <jonas@sicking.cc> > This would probably be helped by restricting to same-origin policies. But > I'd like to have good usecases even for adding that. I think site authors > would be upset if they couldn't rely on referer (which arguably already is > an issue since some firewall produces block outbound referer headers). There's no arguably about it, many firewall's block it, as do others to anonymise user activity through the web, such things cannot be relied on. I also don't see the author use cases for shopping cart checks? Surely these use cookie based state methods. Site authors already cannot rely on referrer, so quite why they should be able to rely on it with XHR I don't know, forcing special behavior on UA's depending on where a request comes from seems to be something you should do only in the most extreme situation. Cheers, Jim.
Received on Sunday, 9 April 2006 13:28:16 UTC