W3C home > Mailing lists > Public > public-appformats@w3.org > January 2008

RE: Comments on: Access Control for Cross-site Requests

From: Close, Tyler J. <tyler.close@hp.com>
Date: Thu, 3 Jan 2008 01:29:05 +0000
To: Jonas Sicking <jonas@sicking.cc>
CC: Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, "public-appformats@w3.org" <public-appformats@w3.org>
Message-ID: <C7B67062D31B9E459128006BAAD0DC3D1421858B@G6W0269.americas.hpqcorp.net>


Jonas Sicking wrote:
> If we only support
> server-side checking, we're completely removing the ability to put
> cross-site reachable resources on servers where the author
> does not have
> the access (or ability) to configure the server or write cgi scripts.

So what exactly do you guys mean by: "the author does not have the access (or ability) to configure the server or write cgi scripts"? How do I put an "Access-Control" HTTP header on a non-XML file if I can't configure the server in any way? If this cannot be done, does this mean that the current proposal does not support cross-domain JSON for this deployment scenario?

--Tyler
Received on Thursday, 3 January 2008 01:33:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:56:21 UTC