W3C home > Mailing lists > Public > public-webapi@w3.org > May 2008

Re: Origin

From: Jonas Sicking <jonas@sicking.cc>
Date: Fri, 30 May 2008 14:48:31 -0700
Message-ID: <4840762F.2000502@sicking.cc>
To: Adam Barth <public-webapi@adambarth.com>
CC: Anne van Kesteren <annevk@opera.com>, Collin Jackson <collinj@cs.stanford.edu>, "Web API WG (public)" <public-webapi@w3.org>

Adam Barth wrote:
> On Fri, May 30, 2008 at 2:02 PM, Jonas Sicking <jonas@sicking.cc> wrote:
>> With Access-Control-Origin it is easy to block all cross-site requests where
>> the requesting site can read the resulting data.
> 
> If you think this is an important use case, why not add a specific
> header that says "this is a cross-site XMLHttpRequest" instead of
> overloading the Access-Control-Origin header?

What I think is needed is a "this is a cross-site Access-Control 
request". Which I think is pretty close to what Access-Control-Origin was.

/ Jonas
Received on Friday, 30 May 2008 21:51:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 30 May 2008 21:51:27 GMT