W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2008

Re: [access-control] Access-Control-Allow-Origin header syntax

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 06 Oct 2008 15:51:35 +0200
To: "Jonas Sicking" <jonas@sicking.cc>
Cc: public-webapps <public-webapps@w3.org>
Message-ID: <op.uilvf9uv64w2qv@annevk-t60.oslo.opera.com>

On Mon, 29 Sep 2008 19:47:49 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> What says that an origin is not a URI? Sure, many URIs deny access,
> but it looks to me like they are still subsets of URIs. If we say that
> they are not URIs, why not go all out and invent a new syntax, such as
>
> http.org.example.www:80
>
> to allow the site http://www.example.org? This would reduce confusion
> around them being URIs.
>
> However I think it would be better to keep them as URIs, while saying
> that if there is a path, or if the URI is not same-origin as the
> Origin header then deny access.

I decided not to change this as HTML5 WebSocket is not doing this either.  
I did forward your comment:

http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2008-September/016358.html
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2008-October/016550.html


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Monday, 6 October 2008 13:52:18 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:28 GMT