W3C home > Mailing lists > Public > public-webapi@w3.org > September 2007

Re: XHR: definition of same-origin

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 26 Sep 2007 09:31:57 -0500
Message-ID: <46FA6D5D.1060106@mit.edu>
To: Anne van Kesteren <annevk@opera.com>
CC: Maciej Stachowiak <mjs@apple.com>, "Web API WG (public)" <public-webapi@w3.org>

Anne van Kesteren wrote:
> Hmm, actually, per HTML5 it seems that's impossible because the origin 
> of bar.com and foo.bar.com are not the same and therefore you can't 
> access any members of foo.bar.com from bar.com or vice versa. 
> document.domain can change this I suppose

Exactly.

> but doesn't it change the origin as well then for both domains

No.  For example, as discussed before, document.domain does not affect 
same-origin XHR checks; those happen against the original domain for the document.

-Boris
Received on Wednesday, 26 September 2007 14:32:33 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 10 December 2014 20:05:34 UTC