- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 20 Dec 2007 02:13:04 +0000 (UTC)
- To: "Close, Tyler J." <tyler.close@hp.com>
- Cc: "public-appformats@w3.org" <public-appformats@w3.org>
On Thu, 20 Dec 2007, Close, Tyler J. wrote: > > A simple proposal would be to send an OPTIONS request to "*" asking the > server if it understands your new Referer-Root header. If the answer > comes back "yes", let through any pending requests; otherwise, treat > them as they currently are. RFC 2616 contains language indicating that > this is the expected way for a client to probe a server's functionality. > Once you get back the yes, assumes it's the server's problem to figure > out what to do with cross-domain requests to particular resources. > Different servers can them implement their own internal rules for access > to different resources. Using OPTIONS was considered, but it's actually quite hard to make Apache respond to OPTIONS in author-controlled ways (and even more so if you have the php modules loaded, iirc). We want to have a solution that doesn't require changes to deployed servers. Authors should be able to implement this without contacting their existing hosting provider. Similarly, existing CMSes should be able to implement this and existing installations should be upgradeable without the servers having to be upgraded as well. The fear is that without this migration path, the feature won't be actually available for years. The perceived need for this feature is very great, so there's a lot of pressure to make it available as soon as possible. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 20 December 2007 02:13:17 UTC