- From: Anne van Kesteren <annevk@opera.com>
- Date: Fri, 02 Feb 2007 17:52:12 +0100
- To: "WAF WG (public)" <public-appformats@w3.org>
- Cc: member-accesscontrol-tf@w3.org

The draft should probably explicitly indicate that it's trying to solve the data theft problem. (As in, we don't allow cross-domain access because that might potentially expose information on intranets etc.) That other specifications using the mechanism should forbid access to HTTP headers, cookies, etc. and that scripts, if any, should run in the same origin as that of the document that does the request.

See also: http://lists.w3.org/Archives/Public/public-webapi/2006Jun/0012

--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Friday, 2 February 2007 16:52:32 UTC