- From: Adam Barth <w3c@adambarth.com>
- Date: Wed, 25 Nov 2009 17:55:41 -0800
- To: Tyler Close <tyler.close@gmail.com>
- Cc: Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
On Wed, Nov 25, 2009 at 2:34 PM, Tyler Close <tyler.close@gmail.com> wrote: > On Wed, Nov 25, 2009 at 1:54 PM, Adam Barth <w3c@adambarth.com> wrote: >> Indeed. Security in the application layer is quite complex. That's >> what makes life interesting. :) > > So are you agreeing that there do exist SOP rules that the application > layer must obey? If so, should we document those rules? Yes. At the application layer. I'm not even sure you can articulate the policy coherently without referring to application-layer concepts. How would you explain the restrictions on images in the HTML Canvas element in terms of HTTP protocol messages? Adam
Received on Thursday, 26 November 2009 01:56:41 UTC