- From: Jonas Sicking <jonas@sicking.cc>
- Date: Sat, 19 Jul 2008 23:05:19 -0700
- To: Maciej Stachowiak <mjs@apple.com>
- Cc: Sunava Dutta <sunavad@windows.microsoft.com>, "annevk@opera.com" <annevk@opera.com>, Sharath Udupa <Sharath.Udupa@microsoft.com>, Zhenbin Xu <Zhenbin.Xu@microsoft.com>, Gideon Cohn <gidco@windows.microsoft.com>, "public-webapps@w3.org" <public-webapps@w3.org>, IE8 Core AJAX SWAT Team <ieajax@microsoft.com>
Maciej Stachowiak wrote: > > > On Jul 18, 2008, at 11:15 PM, Jonas Sicking wrote: > >> Maciej Stachowiak wrote: >>> On Jul 18, 2008, at 4:20 PM, Sunava Dutta wrote: >>>> I’m in time pressure to lock down the header names for Beta 2 to >>>> integrate XDR with AC. It seems no body has objected to Jonas’s >>>> proposal. >>>> http://lists.w3.org/Archives/Public/public-webapps/2008JulSep/0175.html >>>> Please let me know if this discussion is closed so we can make the >>>> change. >>> I think Anne's email represents the most recent agreement and I don't >>> think anyone has objected: >>> http://lists.w3.org/Archives/Public/public-webapps/2008JulSep/0142.html >>> The change would be: Instead of checking for "XDomainRequestAllowed: >>> 1" check for "Access-Control-Allow-Origin: *" or >>> "Access-Control-Allow-Origin: url" where url matches what was sent in >>> the Origin header. >> >> So I have one final request for a change to the above syntax. >> >> How would people feel about the syntax >> >> Access-Control-Allow-Origin: <url> > > I don't think the angle brackets are necessary for forward compat, since > we can just disallow spaces from the URL. According to the HTML5 spec space is a valid characted inside URLs. / Jonas
Received on Sunday, 20 July 2008 06:07:00 UTC