W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2008

Re: XDomainRequest Integration with AC

From: Jonas Sicking <jonas@sicking.cc>
Date: Fri, 08 Aug 2008 02:38:55 -0700
Message-ID: <489C142F.3000004@sicking.cc>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Anne van Kesteren <annevk@opera.com>, Sunava Dutta <sunavad@windows.microsoft.com>, Maciej Stachowiak <mjs@apple.com>, Sharath Udupa <Sharath.Udupa@microsoft.com>, Zhenbin Xu <Zhenbin.Xu@microsoft.com>, Gideon Cohn <gidco@windows.microsoft.com>, "public-webapps@w3.org" <public-webapps@w3.org>, IE8 Core AJAX SWAT Team <ieajax@microsoft.com>

Julian Reschke wrote:
> Anne van Kesteren wrote:
>>
>> On Fri, 08 Aug 2008 08:28:48 +0200, Jonas Sicking <jonas@sicking.cc> 
>> wrote:
>>> Anne van Kesteren wrote:
>>>>  My plan is to simply require Access-Control-Allow-Origin to hold 
>>>> the ASCII serialization of an origin (see HTML5) and have a literal 
>>>> comparison of that with the value of Origin. This would be quite 
>>>> strict, but should be fine I think.
>>>
>>> That is fine, though I'm inclined to think that the trailing slash 
>>> should be allowed in the HTML5 syntax for an origin.
>>
>> That would would preclude string comparison though and require 
>> something less trivial.
> 
> How would that preclude string comparison? (-> 
> <http://greenbytes.de/tech/webdav/rfc3986.html#comparison-string>)

String comparison is not going to be ok either way. The following two 
origins are equivalent:

http://www.foo.com
http://www.foo.com:80

/ Jonas
Received on Friday, 8 August 2008 09:40:31 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:27 GMT