W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

Re: [XHR][XHR2] Same-origin policy protection

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 15 Jun 2011 16:15:35 -0400
Message-ID: <4DF912E7.10206@mit.edu>
To: public-webapps@w3.org
On 6/15/11 4:08 PM, David Bruant wrote:
>>>> 2)  XHR in the web browser gives (at the moment, at least) sites that are outside a firewall that your browser is behind the ability to make requests to hosts that are behind the firewall.

> You wrote "at the moment, at least". Is there some planned change that
> could question this?

Perhaps.  There are issues that arise with firewalled intranets even in 
the absence of XHR, so there is ongoing work to put other mitigations in 
place too.  https://bugzilla.mozilla.org/show_bug.cgi?id=354493 for example.

-Boris
Received on Wednesday, 15 June 2011 20:16:04 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:45 GMT