W3C home > Mailing lists > Public > public-webapi@w3.org > September 2007

Re: XHR: definition of same-origin

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 26 Sep 2007 09:06:08 -0500
Message-ID: <46FA6750.1030805@mit.edu>
To: Anne van Kesteren <annevk@opera.com>
CC: Maciej Stachowiak <mjs@apple.com>, "Web API WG (public)" <public-webapi@w3.org>

Anne van Kesteren wrote:
> Yes. If I get all this stuff correctly a script could be running on 
> bar.com using the XMLHttpRequest from another frame which is on 
> foo.bar.com. Depending on which definition is used it can either access 
> bar.com or foo.bar.com content (but not both), right?

Basically, yes.

-Boris
Received on Wednesday, 26 September 2007 14:06:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:58 GMT