- From: Jon Ferraiolo <jferrai@us.ibm.com>
- Date: Fri, 13 Jun 2008 15:56:21 -0700
- To: Ian Hickson <ian@hixie.ch>
- Cc: "WAF WG (public)" <public-appformats@w3.org>
- Message-ID: <OF5F84C7E8.4497EDD2-ON88257467.007CF656-88257467.007E023F@us.ibm.com>
I took a look back to see what AC looked like back in Feb. 2007:
* http://www.w3.org/TR/2007/WD-access-control-20070215/
and the spec was very short and says "The policy described is only safe for
HEAD and GET requests. " Things have changed quite a bit since then.
It probably does makes sense to split off AC for XHR from AC for XBL and
VXML.
Jon
Ian Hickson
<ian@hixie.ch>
Sent by: To
public-webapps-re Thomas Roessler <tlr@w3.org>
quest@w3.org cc
Jonas Sicking <jonas@sicking.cc>,
"WAF WG (public)"
06/13/08 01:56 PM <public-appformats@w3.org>,
public-webapps@w3.org
Subject
Re: [AC] Helping server admins not
making mistakes
On Fri, 13 Jun 2008, Thomas Roessler wrote:
>
> The second requirement above rules out the processing instruction.
> Let's get rid of it.
Do we really think authors of XBL2 and VoiceXML are going to be able to
set headers on their sites? That seems like a much higher barrier to entry
than we should have.
Maybe we should separate Access-Control for XHR from Access-Control for
XBL and VXML?
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Attachments
- image/gif attachment: graycol.gif
- image/gif attachment: pic11037.gif
- image/gif attachment: ecblank.gif
Received on Friday, 13 June 2008 22:59:26 UTC