Re: HTTP/2.0 -04 candidate

On 07/02/2013 07:34 AM, Martin Thomson wrote:
> On 1 July 2013 22:22, Sam Pullara <spullara@gmail.com> wrote:
>> I suggest that you limit to same origin and remove the :schema and the
>> :host.
> 
> You are probably right Sam, and I think that I agree, but this would
> be a change and we need to be careful about that.  See
> https://github.com/http2/http2-spec/issues/158

I agree about being careful here.

Would this be the first case of the same origin policy (SOP)
being used within HTTP, or is that already done somewhere?

(I mean used within the HTTP protocol - SOP is a user agent
thing afaik, but its quite possible I don't know:-)

If this is the first time the SOP is being considered as a
part of the HTTP protocol, then I'd hope the wg consider whether
we want that to be baked in or not. I've no strong opinion, but
do wonder if the SOP as-is will make sense in 20 years time,
assuming that HTTP/2.0 will be in as long as HTTP/1 has been.
It could be that its better not baked in, or that it'd be
better to try generalise for example.

S.


> 
> 

Received on Tuesday, 2 July 2013 08:19:05 UTC