On Thu, 19 Jun 2008 11:42:57 +0200, Ian Hickson <ian@hixie.ch> wrote: > On Thu, 19 Jun 2008, Jonas Sicking wrote: >>> This has one side-effect, which is that it doesn't work well with XBL >>> or VBWG in environments where the XBL file (or VXML file) is >>> customised to the user but accessed cross-site. Is that ok? >> >> It doesn't "work well" in the sense that they don't work out-of-the-box. >> It would be trivial to add a load-private-data pseudo attribute to the >> <?xbl?> PI that sets the "with credentials" flag to true. >> >> However I can't think of a situation where someone wants to load private >> XBL bindings so I'm totally ok with it being a bit more hassle. It might >> be a bigger deal for VXML, I don't know since I've not looked at that >> spec. > > Sounds fair to me. I'll add the attribute to XBL2 when it goes back to LC > once implementations start, assuming we adopt this. Ian, it seemed to me you were talking about the server side problem because <?access-control?> alone would not be enough. XBL being served would need to be served with the appropriate HTTP headers set. (Also, not just <?xbl?> would need to be changed but also the other APIs for attaching XBL would require changing I presume.) -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>Received on Thursday, 19 June 2008 10:23:57 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:42:58 GMT