W3C home > Mailing lists > Public > public-webapi@w3.org > May 2008

Re: Origin

From: Adam Barth <public-webapi@adambarth.com>
Date: Fri, 30 May 2008 14:09:23 -0700
Message-ID: <7789133a0805301409s3fddd204m9e02f1a0142bbb1a@mail.gmail.com>
To: "Jonas Sicking" <jonas@sicking.cc>
Cc: "Anne van Kesteren" <annevk@opera.com>, "Collin Jackson" <collinj@cs.stanford.edu>, "Web API WG (public)" <public-webapi@w3.org>

On Fri, May 30, 2008 at 2:02 PM, Jonas Sicking <jonas@sicking.cc> wrote:
> With Access-Control-Origin it is easy to block all cross-site requests where
> the requesting site can read the resulting data.

If you think this is an important use case, why not add a specific
header that says "this is a cross-site XMLHttpRequest" instead of
overloading the Access-Control-Origin header?

Adam

Received on Friday, 30 May 2008 21:09:59 GMT

This message: [ Message body ]
Next message: Jonas Sicking: "Re: Origin"
Previous message: Jonas Sicking: "Re: Origin"
In reply to: Jonas Sicking: "Re: Origin"
Next in thread: Jonas Sicking: "Re: Origin"
Reply: Jonas Sicking: "Re: Origin"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 30 May 2008 21:10:00 GMT