RE: Comments on: Access Control for Cross-site Requests

On Thu, 3 Jan 2008, Close, Tyler J. wrote:
> So what exactly do you guys mean by: "the author does not have the 
> access (or ability) to configure the server or write cgi scripts"? How 
> do I put an "Access-Control" HTTP header on a non-XML file if I can't 
> configure the server in any way? If this cannot be done, does this mean 
> that the current proposal does not support cross-domain JSON for this 
> deployment scenario?

Yes; the proposal is primarily intended for XML. The HTTP header was added 
later as a way to allow non-XML files to be used as well, but it wasn't 
part of the initial design or intent.

(Having said that, it's also a lot easier to add a single HTTP header than 
it is to add CGI scripts or magic files in specific locations, let alone 
scripts that respond to OPTIONS, and that itself is still far easier than 
upgrading the entire server.)

Ian Hickson               U+1047E                )\._.,--....,'``.    fL       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Thursday, 3 January 2008 01:45:10 UTC