- From: Jonas Sicking <jonas@sicking.cc>
- Date: Wed, 14 Jan 2009 10:53:42 -0800
- To: "Adrian Bateman" <adrianba@microsoft.com>
- Cc: "public-webapps@w3.org" <public-webapps@w3.org>
On Wed, Jan 14, 2009 at 8:00 AM, Adrian Bateman <adrianba@microsoft.com> wrote: > I wanted to let the WG members know that we have completed our support for Access-Control in IE8 for the Simple Cross-Site Access Request. We support the Access-Control-Allow-Origin: * wildcard as we did in Beta 2 but in the next public release of IE8, our Release Candidate, we have also added support for the string comparison to the ascii-origin. I want to thank the members of this group who gave us feedback about making this change. Yay! This is awesome! Thanks a lot for making these changes. > Making changes to our implementation now will be costly and I'd prefer if this part of the draft didn't have to change significantly. On the subject of renaming the Origin header, we'd prefer the option to keep it as is and have the name for CSRF changed in HTML 5 as Ian raised [1] if possible. The problem I think is that the current name, 'Origin', is extremely generic and so it's likely to cause confusion once we get other headers containing origins. That said, I do understand that this is a very late change for you guys. Developers will code to what works, so as long as things work the same across browsers, with regards to this and the CSRF protection header, things should be mostly ok. What do other people think? / Jonas
Received on Wednesday, 14 January 2009 18:54:18 UTC