- From: Ric Johnson <ricjohnsoniii@gmail.com>
- Date: Mon, 1 Oct 2007 18:57:29 -0400
- To: public-appformats@w3.org
I have a few questions for the new draft: http://www.w3.org/TR/2007/WD-access-control-20071001/ Is this really required? I can achieve the same with a) Dynamic script tags (JSON requests) as long I am am comfortable with GET b) PROXY governance c) CNAMEs as a way to bypass the domain restrictions Other issues: a) No only does the browser have to allow this, but XMLRequest does as well. b) What about <a href="http://json.Com">JSON</a> responses? XML is great, but let us not fall into the "Not invented here" trap I am NOT saying that this is not a good idea. It is just that if I have access to the web server to add a header, then I probably will be able to solve this problem today. I actually need this for my JSON requests. As it stands now, I can do cross-domain without really looking at security. Might there be a way to emulate this using script now?
Received on Wednesday, 3 October 2007 13:40:46 UTC