W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2008

Re: XDomainRequest Integration with AC

From: Anne van Kesteren <annevk@opera.com>
Date: Fri, 08 Aug 2008 11:43:46 +0200
To: "Jonas Sicking" <jonas@sicking.cc>, "Julian Reschke" <julian.reschke@gmx.de>
Cc: "Sunava Dutta" <sunavad@windows.microsoft.com>, "Maciej Stachowiak" <mjs@apple.com>, "Sharath Udupa" <Sharath.Udupa@microsoft.com>, "Zhenbin Xu" <Zhenbin.Xu@microsoft.com>, "Gideon Cohn" <gidco@windows.microsoft.com>, "public-webapps@w3.org" <public-webapps@w3.org>, "IE8 Core AJAX SWAT Team" <ieajax@microsoft.com>
Message-ID: <op.ufkam8iz64w2qv@annevk-t60.oslo.opera.com>

On Fri, 08 Aug 2008 11:38:55 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> String comparison is not going to be ok either way. The following two  
> origins are equivalent:
>
> http://www.foo.com
> http://www.foo.com:80

My proposal was to treat those as non-equivalent. Basically, to require  
Access-Control-Allow-Origin to have the same value as Origin.

(It seems that Ian has used this approach for WebSocket as well.)


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Friday, 8 August 2008 09:44:23 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:27 GMT