W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: [cors] security issue with XMLHttpRequest API compatibility

From: Jonas Sicking <jonas@sicking.cc>
Date: Wed, 8 Apr 2009 11:07:39 -0700
Message-ID: <63df84f0904081107j6088900dy1ae28750a8c43b7@mail.gmail.com>
To: Thomas Roessler <tlr@w3.org>
Cc: Tyler Close <tyler.close@gmail.com>, public-webapps@w3.org
On Wed, Apr 8, 2009 at 2:23 AM, Thomas Roessler <tlr@w3.org> wrote:
> Incidentally, just framing this as "XHR vs XDR" is a bit simplistic:  E.g.,
> one could imagine a method "enableCrossSiteRequests" (or something like
> that) which needs to be invoked before XHR can do cross site requests.

Oh, indeed. I didn't mean to frame it as an "XHR vs XDR" thing.
There's certainly other ways of doing it. Tyler also proposed adding
an argument to the XHR constructor.

/ Jonas
Received on Wednesday, 8 April 2009 18:08:29 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT