On Tue, Jun 9, 2009 at 9:38 AM, Tyler Close<tyler.close@gmail.com> wrote: > On Tue, Jun 9, 2009 at 9:29 AM, Adam Barth<w3c@adambarth.com> wrote: >> Isn't the whole >> point of this feature to be able to distinguish guest and non-guest? > > So requests from XMLHttpRequest have an Origin header, and requests > from GuestXMLHttpRequest don't. The server should treat requests > coming from GuestXMLHttpRequest as bits arriving from an unknown > client (ie: a "guest"), and so only authorize them based on > information explicitly included in the request. Given an HTTP request, what algorithm should the server use to determine whether the request was generated by GuestXMLHttpRequest? AdamReceived on Tuesday, 9 June 2009 18:20:08 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:11 GMT