W3C home > Mailing lists > Public > www-talk@w3.org > January to February 2009

Re: Origin vs Authority; use of HTTPS (draft-nottingham-site-meta-01)

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 11 Feb 2009 10:18:04 -0800
Message-ID: <7789133a0902111018j1f81e3daq92df00fa78ac1e9d@mail.gmail.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>
Cc: "www-talk@w3.org" <www-talk@w3.org>

On Tue, Feb 10, 2009 at 11:37 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
> First, scheme is incorrect here as the scheme does not always determine a specific protocol
> (see 'http' is not just for HTTP saga).

I don't understand this level of pedantry, but if you want host-meta
to be usable by Web browsers, you should use the algorithm in
draft-abarth-origin to compute its scope from its URL.  Any deviations
from this algorithm will introduce cracks in the browser's security
policy.

Adam
Received on Wednesday, 11 February 2009 18:18:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:30 GMT