- From: Mark S. Miller <erights@google.com>
- Date: Mon, 30 Nov 2009 11:51:03 -0800
- To: Tyler Close <tyler.close@gmail.com>
- Cc: Adam Barth <w3c@adambarth.com>, Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>

On Mon, Nov 30, 2009 at 11:25 AM, Tyler Close <tyler.close@gmail.com> wrote:
> The response to a GET request must not be made accessible to content
> from another origin, unless the target resource has explicitly
> indicated otherwise. The HTML <script> tag is a notable violation of
> this restriction for content matching a particular syntax. Otherwise,
> this rule seems widely enforced.

Other exceptions I'm aware of:

* size of images fetched using img tags.
* port scanning by differential error behavior.

What other exceptions remain?

--
Cheers,
--MarkM
Received on Monday, 30 November 2009 19:51:41 UTC