Re: [cors] security issue with XMLHttpRequest API compatibility

On Wed, Apr 8, 2009 at 2:23 AM, Thomas Roessler <tlr@w3.org> wrote:
> Incidentally, just framing this as "XHR vs XDR" is a bit simplistic:  E.g.,
> one could imagine a method "enableCrossSiteRequests" (or something like
> that) which needs to be invoked before XHR can do cross site requests.

Oh, indeed. I didn't mean to frame it as an "XHR vs XDR" thing.
There's certainly other ways of doing it. Tyler also proposed adding
an argument to the XHR constructor.

/ Jonas

Received on Wednesday, 8 April 2009 18:08:29 UTC