- From: Anne van Kesteren <annevk@opera.com>
- Date: Thu, 19 Jun 2008 12:24:00 +0200
- To: "Ian Hickson" <ian@hixie.ch>, "Jonas Sicking" <jonas@sicking.cc>
- Cc: "Web Applications Working Group WG" <public-webapps@w3.org>
On Thu, 19 Jun 2008 11:42:57 +0200, Ian Hickson <ian@hixie.ch> wrote: > On Thu, 19 Jun 2008, Jonas Sicking wrote: >>> This has one side-effect, which is that it doesn't work well with XBL >>> or VBWG in environments where the XBL file (or VXML file) is >>> customised to the user but accessed cross-site. Is that ok? >> >> It doesn't "work well" in the sense that they don't work out-of-the-box. >> It would be trivial to add a load-private-data pseudo attribute to the >> <?xbl?> PI that sets the "with credentials" flag to true. >> >> However I can't think of a situation where someone wants to load private >> XBL bindings so I'm totally ok with it being a bit more hassle. It might >> be a bigger deal for VXML, I don't know since I've not looked at that >> spec. > > Sounds fair to me. I'll add the attribute to XBL2 when it goes back to LC > once implementations start, assuming we adopt this. Ian, it seemed to me you were talking about the server side problem because <?access-control?> alone would not be enough. XBL being served would need to be served with the appropriate HTTP headers set. (Also, not just <?xbl?> would need to be changed but also the other APIs for attaching XBL would require changing I presume.) -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Thursday, 19 June 2008 10:23:57 UTC