W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2010

Re: [XHR] same-origin request event rules are underspecified

From: Anne van Kesteren <annevk@opera.com>
Date: Sun, 31 Jan 2010 14:50:33 +0100
To: "Thomas Roessler" <tlr@w3.org>, "W3C WebApps WG" <public-webapps@w3.org>
Cc: public-web-security@w3.org
Message-ID: <op.u7egqji264w2qv@annevk-t60>
On Tue, 19 Jan 2010 08:00:19 +0100, Thomas Roessler <tlr@w3.org> wrote:
> What does "does not violate security" mean?  Is a same origin redirect  
> the only redirect that's considered to "not violate security"?

Yeah, this was old text that was never updated to match reality. Thanks  
for pointing it out!

(Fixed for both XHR1 and XHR2, which have slightly different text as XHR2  
deals with cross-origin redirects.)


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Sunday, 31 January 2010 13:51:07 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:36 GMT