- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 03 Sep 2007 17:14:18 +0200
- To: "Jonas Sicking" <jonas@sicking.cc>, public-appformats@w3.org
On Sat, 01 Sep 2007 01:59:32 +0200, Jonas Sicking <jonas@sicking.cc> wrote: > Thomas Roessler wrote: >> Apparently, the Mozilla folks have announced support for the >> access-control spec, and caused some buzz about it. >> I've dropped some pointers to this WG's public comment address. > > I tried to reply on the blog the forwarded message links to, but it > seems to have comments disabled at this point. > > Unfortunately the guy doesn't seem to neither have read the relevant > specs, nor done even the most basic testing. None of the attacks he > describe work, or rely on bugs in the server that would already allow > XSS attacks. > > The latest Firefox3 alpha does have access-control support for XHR, > though using a now outdated spec. I plan on updating to the latest spec > soon. Cool! The most notable thing I noticed was that it implements the Content-Access-Control header as opposed to Access-Control, but I haven't played much with the implementation so far... -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Monday, 3 September 2007 15:14:39 UTC