W3C home > Mailing lists > Public > public-appformats@w3.org > January 2008

RE: Comments on: Access Control for Cross-site Requests

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 3 Jan 2008 02:35:23 +0000 (UTC)
To: "Close, Tyler J." <tyler.close@hp.com>
Cc: Jonas Sicking <jonas@sicking.cc>, Anne van Kesteren <annevk@opera.com>, "public-appformats@w3.org" <public-appformats@w3.org>
Message-ID: <Pine.LNX.4.62.0801030231070.23371@hixie.dreamhostps.com>

On Thu, 3 Jan 2008, Close, Tyler J. wrote:
> OK, so list the server-side technologies I'm allowed to use and I'll see 
> if I can safely allow cross-domain access without communicating the 
> access policy to the client.

The requirements I listed at the bottom of:


...are the main constraints, as far as I'm aware. (Note that one of them 
is what you've been asking for -- that the server make the decision -- and 
as far as I can tell, that's exaclty what the currently proposed 
specification does. I don't really understand your objection to the 
current proposal, other than it being "not simple enough", but Jonas' 
point about having to be "as simple as possible but no simpler" certainly 
seems to apply here.)

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 3 January 2008 02:35:35 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:56:21 UTC