W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

[access-control] Access-Control-Allow-Origin: * and ascii-origin in IE8

From: Adrian Bateman <adrianba@microsoft.com>
Date: Wed, 14 Jan 2009 08:00:01 -0800
To: "public-webapps@w3.org" <public-webapps@w3.org>
Message-ID: <749F45FA745A3244A87A63316D4E26B171956E8206@NA-EXMSG-C108.redmond.corp.microsoft.com>

I wanted to let the WG members know that we have completed our support for Access-Control in IE8 for the Simple Cross-Site Access Request. We support the Access-Control-Allow-Origin: * wildcard as we did in Beta 2 but in the next public release of IE8, our Release Candidate, we have also added support for the string comparison to the ascii-origin. I want to thank the members of this group who gave us feedback about making this change.

Making changes to our implementation now will be costly and I'd prefer if this part of the draft didn't have to change significantly. On the subject of renaming the Origin header, we'd prefer the option to keep it as is and have the name for CSRF changed in HTML 5 as Ian raised [1] if possible.



[1] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0060.html

Adrian Bateman
Program Manager - Internet Explorer - Microsoft Corporation
Phone: +1 (425) 538 5111
E-mail: mailto:adrianba@microsoft.com
Received on Wednesday, 14 January 2009 16:01:47 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:13 UTC