W3C home > Mailing lists > Public > whatwg@whatwg.org > May 2012

Re: [whatwg] proposal for a location.domain property

From: João Eiras <joaoe@opera.com>
Date: Fri, 25 May 2012 13:27:02 +0200
To: whatwg@lists.whatwg.org
Message-ID: <op.weu3fcir2q99of@joaoe>
On Thu, 24 May 2012 23:02:00 +0200, Maciej Stachowiak <mjs@apple.com>  
wrote:

>
> I agree. Even though there are still legacy features like cookies and  
> document.domain that use domain-based security, most of the Web platform  
> uses origin-based security, and that has proved to be a sounder model.  
> While I acknowledge the use cases for exposing location.domain, it's  
> also likely to become an attractive nuisance that pulls developers in  
> the wrong direction.
>

Although I understand this opinion and agree with it, the domain based  
security checks are used for cross frame interaction, cookies, security  
certificates, etc, therefore it has to be specified and documented.

I don't think adding a location.tld property or location.topDomain would  
pull developers away from anything. It would just make the legacy domain  
based security checks a bit more easy to handle and understand. It's the  
specifications and APIs that tell which security model to use, not the  
developer.
Received on Friday, 25 May 2012 11:27:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:08 GMT