W3C home > Mailing lists > Public > public-webapi@w3.org > August 2007

Re: XHR: definition of same-origin

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 29 Aug 2007 02:03:05 -0500
Message-ID: <46D51A29.7060604@mit.edu>
To: Maciej Stachowiak <mjs@apple.com>
CC: "Web API WG (public)" <public-webapi@w3.org>

Maciej Stachowiak wrote:
> Any definition of a same-origin policy would have to define how to 
> determine the hostname and port.

For what it's worth, an origin in Gecko also includes the scheme.  This handles 
things like http-to-https access (not allowed), unknown schemes (only 
same-origin with another URI for that same unknown scheme no matter what) and so 
forth well.


P.S. If we do want to specify what an "origin" is we should perhaps also think 
about URI schemes that do not have a host and port.
Received on Wednesday, 29 August 2007 07:03:23 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:16:24 UTC