- From: Arthur Barstow <art.barstow@nokia.com>
- Date: Wed, 25 Nov 2009 13:25:02 -0500
- To: Mark Nottingham <mnot@yahoo-inc.com>, ietf-http-wg@w3.org
Mark, All,

As Thomas notes below, the WebApps WG seeks comment on the LCWD of the XHR spec:

http://www.w3.org/TR/2009/WD-XMLHttpRequest-20091119/

If you have any comments, please send them to public-webapps@w3.org; comment deadline is 15 December 2009.

-Art Barstow

Begin forwarded message:

> From: ext Thomas Roessler <tlr@w3.org>
> Date: November 25, 2009 12:46:15 PM EST
> Subject: Re: HTTPbis and the Same Origin Policy
> Archived-At: <http://www.w3.org/mid/FB4986B0-957C-47AC-95B1-4737ADD5A6C4@w3.org>
>
> Much of this material is in fact part of the HTML5 and
> XMLHttpRequest specifications.
>
> The XMLHttpRequest specification is in Last Call as of 19 November
> (with 16 December deadline), and it includes a specification of the
> same origin policy for XMLHttpRequest -- see step 13 of the open()
> method [1].
>
> http://www.w3.org/TR/XMLHttpRequest/#the-open-method
>
> I'll note that that specification lacks any security considerations
> at this point, and that calling out the same origin policy more
> prominently (and talking about DNS rebinding) sound like they would
> be fine and timely additions to that spec.
>
> Additionally, I suspect that in-depth review from the HTTP Working
> Group would be extremely valuable for this spec.

Received on Wednesday, 25 November 2009 18:25:51 UTC