- From: Anne van Kesteren <annevk@opera.com>
- Date: Thu, 06 Sep 2007 12:34:17 +0200
- To: "Mark Nottingham" <mnot@yahoo-inc.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
On Thu, 06 Sep 2007 06:15:08 +0200, Mark Nottingham <mnot@yahoo-inc.com> wrote: > AFAICT this hasn't been discussed here. > > In a nutshell, the purpose is to allow browsers to send scripted > requests (e.g., JavaScript XmlHttpRequest) to sites other than that > which generated the content it resides in; i.e., a "cross-site" request. > > Note the definition of new headers, as well as the "security check" > request preceding non-GET/POST methods (recent discussion indicates this > may be pared down to just GET). > > See also <http://www.w3.org/TR/access-control/>. The proposal from Ian Hickson has been incorperated in a draft for XMLHttpRequest level 2. It probably makes more sense to review that: http://dev.w3.org/2006/webapi/XMLHttpRequest-2/Overview.html http://dev.w3.org/2006/waf/access-control/Overview.html -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Thursday, 6 September 2007 10:34:33 UTC