Re: Same Origin Policy and HTTP Authentication

On Tue, 07 Dec 2010 00:53:35 +0100, Mark Nottingham <> wrote:
> Although there are a number of places that might be appropriate for this  
> discussion, it might actually be most helpful for you to give this as  
> feedback to the W3C CORS specification:
> ... as they're discussing what is effectively a policy mechanism for  
> cross-site requests.

Actually, no. It is for new types of cross-origin requests that are not  
possible today.

Anne van Kesteren

Received on Tuesday, 7 December 2010 10:09:46 UTC