W3C home > Mailing lists > Public > www-talk@w3.org > January to February 2009

Re: Origin vs Authority; use of HTTPS (draft-nottingham-site-meta-01)

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 11 Feb 2009 15:08:18 -0800
Message-ID: <7789133a0902111508s7278bc7exad8e408d8dea6b0d@mail.gmail.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>
Cc: "www-talk@w3.org" <www-talk@w3.org>

On Wed, Feb 11, 2009 at 3:04 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
> Exactly. Does that addresses your concern about scope?

Yes.  I think we should make it clearer in the spec that host-meta's
scope is restricted by protocol.  As a browser developer, I find the
current spec confusing on this point.

> (we can continue debating the value of the content type header as a measure
> of security if you'd like...)

(I'm composing a reply to Breno now.)

Adam
Received on Wednesday, 11 February 2009 23:08:58 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:30 GMT