Re: [AC] Helping server admins not making mistakes

Anne van Kesteren wrote:
> On Fri, 30 May 2008 20:08:24 +0200, Jonas Sicking <> wrote:
>> However IMHO it makes more sense as an extra level of security. To 
>> deal with servers supporting actions that the server administrator is 
>> unaware of or wasn't thinking of when enabling Access-Control.
> Ok. It's not really clear to me whether this extra level is needed or 
> desired, as it further complicates the original proposal. With all the 
> other proposals you're making it overall becomes much more complex and 
> harder for authors to grasp what they have to do to get it right.
> I'd be interested in hearing feedback from Maciej / Apple / WebKit on 
> this proposal.

I'd be equally interested to hear Operas opinion. A while back you said 
that you were going to consult with your security guys, but I'm not sure 
that I saw a followup to that.

Is Opera ok with that enabling Access-Control always enables the full 
set of possible combinations of methods and headers?

/ Jonas

Received on Friday, 30 May 2008 20:24:31 UTC