W3C home > Mailing lists > Public > public-webapi@w3.org > May 2008

Re: Origin

From: Adam Barth <public-webapi@adambarth.com>
Date: Fri, 30 May 2008 14:09:23 -0700
Message-ID: <7789133a0805301409s3fddd204m9e02f1a0142bbb1a@mail.gmail.com>
To: "Jonas Sicking" <jonas@sicking.cc>
Cc: "Anne van Kesteren" <annevk@opera.com>, "Collin Jackson" <collinj@cs.stanford.edu>, "Web API WG (public)" <public-webapi@w3.org>

On Fri, May 30, 2008 at 2:02 PM, Jonas Sicking <jonas@sicking.cc> wrote:
> With Access-Control-Origin it is easy to block all cross-site requests where
> the requesting site can read the resulting data.

If you think this is an important use case, why not add a specific
header that says "this is a cross-site XMLHttpRequest" instead of
overloading the Access-Control-Origin header?

Adam
Received on Friday, 30 May 2008 21:09:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 30 May 2008 21:10:00 GMT