W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: XHR and sandboxed iframes (was: Re: XHR without user credentials)

From: Mark S. Miller <erights@google.com>
Date: Wed, 17 Jun 2009 13:45:41 -0700
Message-ID: <4d2fac900906171345n2ff4e05er66d2c4a4c160fb2b@mail.gmail.com>
To: Ian Hickson <ian@hixie.ch>
Cc: Anne van Kesteren <annevk@opera.com>, Tyler Close <tyler.close@gmail.com>, Adam Barth <w3c@adambarth.com>, public-webapps <public-webapps@w3.org>
On Wed, Jun 17, 2009 at 12:25 PM, Ian Hickson <ian@hixie.ch> wrote:

> On Wed, 17 Jun 2009, Mark S. Miller wrote:
> > > >
> > > > If it does transmit any of these currently, are there any objections
> > > > to revising the spec so that it doesn't?
> > >
> > > Not necessarily. I'd like to know what Ian thinks about this.
> >
> > Wonderful! Ian?
>
> Sorry, I haven't been following this thread. Could you elaborate on what
> the question is exactly?
>

Hi Ian,

The full question is

I've now read the relevant portions of <
>> http://dev.w3.org/html5/spec/Overview.html#the-iframe-element>. Looks
>> like a
>> great start on the right direction! I'm genuinely enthused. Some
>> questions:
>> [...]
>> Does an xhr from a sandboxed unique origin iframe carry any credentials in
>> the sense in which we've been using in this thread:
>> * HTTP auth info
>> * cookies (I think the text implied not, but I'd like to check.)
>> * client-side certs
>> * REFERRER
>> * identified Origin (clearly not if I understand the spec)
>> * Anything else I forgot?
>>
>> If it does transmit any of these currently, are there any objections to
>> revising the spec so that it doesn't?
>>
>
This question appears near the beginning of <
http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/1007.html>.
This message is reasonably self contained and may provide adequate enough
context for addressing this question. I'll be happy to clarify further.
Also, if you have the time, the full thread is worth reading IMO.

-- 
   Cheers,
   --MarkM
Received on Wednesday, 17 June 2009 20:46:18 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT