W3C home > Mailing lists > Public > public-webapi@w3.org > September 2007

Re: XHR: definition of same-origin

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 25 Sep 2007 14:52:17 +0200
To: "Web API WG (public)" <public-webapi@w3.org>
Message-ID: <op.ty7ndfjt64w2qv@annevk-t60.oslo.opera.com>

On Sat, 22 Sep 2007 05:28:13 +0200, Maciej Stachowiak <mjs@apple.com>  
wrote:
> On Sep 21, 2007, at 3:34 AM, Anne van Kesteren wrote:
>> I think HTML5 needs to define this as my understanding is that  
>> document.domain is also relevant in deciding whether or not a request  
>> is same-origin. I'm not sure if that's happening soon though.
>
> I don't think document.domain would apply when determining same origin  
> for XMLHttpRequest.

Thanks Boris, Jonas and Maciej for your replies.

   http://dev.w3.org/2006/webapi/XMLHttpRequest/Overview.html#same-origin

defines same-origin for two URIs and is used in

   http://dev.w3.org/2006/webapi/XMLHttpRequest/Overview.html#open


It would be nice to get some implementation feedback on what to do about  
data:, javascript: etc.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Tuesday, 25 September 2007 12:52:31 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 10 December 2014 20:05:34 UTC