W3C home > Mailing lists > Public > public-webapi@w3.org > September 2007

Re: XHR: definition of same-origin

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 20 Sep 2007 11:40:09 -0500
Message-ID: <46F2A269.4070500@mit.edu>
To: Asbjørn Ulsberg <asbjorn@ulsberg.no>
CC: Maciej Stachowiak <mjs@apple.com>, "Web API WG (public)" <public-webapi@w3.org>

Asbjørn Ulsberg wrote:
> On Wed, 29 Aug 2007 09:03:05 +0200, Boris Zbarsky <bzbarsky@MIT.EDU> wrote:
> 
>> P.S. If we do want to specify what an "origin" is we should perhaps 
>> also think about URI schemes that do not have a host and port.
> 
> Can't we just reference RFC-3986, section 6.2.2 and 6.2.3?

I don't see those saying anything about same-origin.  What am I missing?

I do think that same-origin checks must be done on fully normalized URIs, of 
course.  Anything else doesn't make sense, really.

-Boris
Received on Thursday, 20 September 2007 16:40:25 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 10 December 2014 20:05:34 UTC