Re: [access-control] Potential security problem (port should be auto-restricted)

On Wed, 3 Oct 2007, Jonas Sicking wrote:
>
> Hmm.. this isn't really ideal I think as it would be very easy to forget 
> to add the 'http://' part and inadvertently end up in the situation Ian 
> describes. Could we use the default port of the requesting scheme 
> instead?

That seems fine to me.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Wednesday, 3 October 2007 23:09:10 UTC