Re: Heads-up: Some buzz about access-control

On Sat, 01 Sep 2007 01:59:32 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> Thomas Roessler wrote:
>> Apparently, the Mozilla folks have announced support for the
>> access-control spec, and caused some buzz about it.
>>  I've dropped some pointers to this WG's public comment address.
>
> I tried to reply on the blog the forwarded message links to, but it  
> seems to have comments disabled at this point.
>
> Unfortunately the guy doesn't seem to neither have read the relevant  
> specs, nor done even the most basic testing. None of the attacks he  
> describe work, or rely on bugs in the server that would already allow  
> XSS attacks.
>
> The latest Firefox3 alpha does have access-control support for XHR,  
> though using a now outdated spec. I plan on updating to the latest spec  
> soon.

Cool! The most notable thing I noticed was that it implements the  
Content-Access-Control header as opposed to Access-Control, but I haven't  
played much with the implementation so far...


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Monday, 3 September 2007 15:14:39 UTC