- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 12 Feb 2008 07:13:46 +0000 (UTC)
- To: John Panzer <jpanzer@acm.org>
- Cc: "WAF WG (public)" <public-appformats@w3.org>
On Mon, 11 Feb 2008, John Panzer wrote:
>
> My point here is just that there are existing mechanisms that are
> already deployed in the field to deal with these attacks. And to plead,
> as a side note, not to block the use of such mechanisms for AC4CSR...

I'm not sure we could block them if we tried. :-)

(Though they might need to use different headers, of course -- we obviously can't allow scripts doing cross-origin requests to arbitrarily change HTTP authentication headers.)

--
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 12 February 2008 07:13:59 UTC