
Re: XHR: definition of same-origin

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 29 Aug 2007 02:03:05 -0500
Message-ID: <46D51A29.7060604@mit.edu>
To: Maciej Stachowiak <mjs@apple.com>
CC: "Web API WG (public)" <public-webapi@w3.org>

Maciej Stachowiak wrote:
> Any definition of a same-origin policy would have to define how to 
> determine the hostname and port.

For what it's worth, an origin in Gecko also includes the scheme.  This handles 
things like http-to-https access (not allowed), unknown schemes (only 
same-origin with another URI for that same unknown scheme no matter what) and so 
forth well.

-Boris

P.S. If we do want to specify what an "origin" is we should perhaps also think 
about URI schemes that do not have a host and port.
Received on Wednesday, 29 August 2007 07:03:23 GMT
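
An added example, not part of the message above and not Gecko's code: a same-origin check that compares scheme, host and port as a tuple, so http-to-https access and cross-scheme access are both refused. Treating URIs with no host as never same-origin is an assumption of this sketch (the message leaves that case open), and the names originTuple and sameOrigin are hypothetical.

```javascript
// Default ports for the schemes this sketch knows; any other scheme has none.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URI to the (scheme, host, port) tuple, or null if it cannot be parsed.
function originTuple(uri) {
  let u;
  try {
    u = new URL(uri);
  } catch (e) {
    return null; // unparsable input has no origin
  }
  const scheme = u.protocol.toLowerCase();
  const host = u.hostname.toLowerCase();
  // URL drops a port equal to the scheme default, so fill it back in.
  const port = u.port || DEFAULT_PORTS[scheme] || "";
  return { scheme, host, port };
}

function sameOrigin(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  if (x === null || y === null) return false;
  // The scheme is part of the origin: http vs https differ, and an
  // unknown scheme can only ever match that same unknown scheme.
  if (x.scheme !== y.scheme) return false;
  // Assumption of this example: schemes without a host (mailto:, data:)
  // fail closed, because there is no host and port to compare.
  if (x.host === "" || y.host === "") return false;
  return x.host === y.host && x.port === y.port;
}

// Constructed sample pairs, for illustration only.
const samples = [
  ["http://example.com/a", "http://example.com:80/b"],
  ["http://example.com/", "https://example.com/"],
  ["foo://host/a", "foo://host/b"],
  ["foo://host/a", "bar://host/a"],
  ["mailto:a@example.com", "mailto:a@example.com"],
];
for (const [a, b] of samples) {
  console.log(a, b, sameOrigin(a, b));
}
```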
