W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2013

Re: [whatwg] Need to define same-origin policy for WebIDL operations/getters/setters

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Fri, 11 Jan 2013 11:33:51 -0500
Message-ID: <50F03EEF.9070208@mit.edu>
To: Adam Barth <w3c@adambarth.com>
Cc: whatwg <whatwg@lists.whatwg.org>, Ian Hickson <ian@hixie.ch>
On 1/11/13 1:29 AM, Adam Barth wrote:
> On Wed, Jan 9, 2013 at 8:21 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
>> Yes, agreed.  For what it's worth, I believe Gecko recently made history not
>> accessible cross-origin anymore
>
> Do you have a link to the bug where that change was made?

https://bugzilla.mozilla.org/show_bug.cgi?id=801576

>> Returning null for these is probably fine.  I think I'd support making this
>> list of things return null cross-origin.  Just to check, do you make this
>> determination based on the origin or the effective script origin (in spec
>> terms)?
>
> The effective script origin.

Good, good.  So implementing this is pretty straightforward; just have 
to watch out for compat issues.  The fact that you guys do it already 
should help with that, hopefully.

-Boris
Received on Friday, 11 January 2013 16:34:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:12 GMT