
XHR: definition of same-origin

From: Maciej Stachowiak <mjs@apple.com>
Date: Tue, 28 Aug 2007 20:04:24 -0700
Message-Id: <EB99F2FC-B7FB-4CE9-8A87-894FAE62DBC3@apple.com>
To: "Web API WG (public)" <public-webapi@w3.org>


The XHR spec doesn't define same-origin. We had a webkit bug filed  
differently where we apparently interpreted same-origin differently  
than IE or Firefox: <http://bugs.webkit.org/show_bug.cgi?id=15100>

In particular, we would not consider https://example.com:443/ to be  
the same origin as https://example.com/.

Since this affects interoperability as well as security I would  
suggest adding a definition, unless the spec expected to define
same-origin is going to happen soon.

Regards,
Maciej
Received on Wednesday, 29 August 2007 03:04:35 GMT
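
An added example, not part of the original message and not WebKit's or any browser's code: an origin check that compares scheme, host and port after filling in the scheme's default port, next to a raw comparison that reproduces the https://example.com:443/ versus https://example.com/ mismatch described above. The function names and the default-port table are assumptions of this sketch, and URLs with userinfo are rejected rather than parsed.

```javascript
// Added illustration; names and the port table are assumptions of this example.
const DEFAULT_PORTS = { http: 80, https: 443 };

// Split an absolute URL into scheme, host and the port exactly as written
// ("" when no port is given). Accepts bracketed IPv6 literals; rejects userinfo.
function parseAuthority(url) {
  const re = /^([a-z][a-z0-9+.-]*):\/\/(\[[^\]]+\]|[^\/?#:@]+)(?::(\d*))?(?=[\/?#]|$)/i;
  const m = re.exec(url);
  if (!m) throw new TypeError("unsupported or non-absolute URL: " + url);
  return { scheme: m[1].toLowerCase(), host: m[2].toLowerCase(), port: m[3] || "" };
}

// Origin as a (scheme, host, port) tuple with the default port made explicit.
function origin(url) {
  const { scheme, host, port } = parseAuthority(url);
  const effective = port === "" ? DEFAULT_PORTS[scheme] : Number(port);
  if (effective === undefined) {
    throw new TypeError("no default port known for scheme: " + scheme);
  }
  return { scheme, host, port: effective };
}

// Tuple comparison: an explicit default port equals an omitted one.
function sameOrigin(a, b) {
  const x = origin(a), y = origin(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Raw comparison of the port as written: ":443" and "" count as different,
// which is the behaviour the message reports.
function sameOriginNaive(a, b) {
  const x = parseAuthority(a), y = parseAuthority(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Constructed sample URLs, based on the pair quoted in the message.
console.log(sameOriginNaive("https://example.com:443/", "https://example.com/"));
console.log(sameOrigin("https://example.com:443/", "https://example.com/"));
console.log(sameOrigin("https://example.com:8443/", "https://example.com/"));
```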
