- From: Anne van Kesteren <annevk@opera.com>
- Date: Thu, 22 Mar 2012 10:37:16 +0100
- To: "Julian Reschke" <julian.reschke@gmx.de>
- Cc: public-html@w3.org, "Edward O'Connor" <eoconnor@apple.com>
On Thu, 22 Mar 2012 10:19:53 +0100, Julian Reschke <julian.reschke@gmx.de> wrote: > On 2012-03-22 10:11, Anne van Kesteren wrote: >> On Wed, 21 Mar 2012 23:47:00 +0100, Edward O'Connor <eoconnor@apple.com> >> wrote: >>> Please consider this zero edit Change Proposal for ISSUE-195: >>> >>> http://www.w3.org/html/wg/wiki/User:Eoconnor/ISSUE-195 >> >> Strong support. The other proposal is completely insecure. > > If there's something insecure about it, you probably should point out > what it is. Allowing cross-origin methods not previously allowed, allowing manipulation of headers cross-origin. Your basic insecure stuff that should have been known if the people making that change proposal had actually compared it to XMLHttpRequest. -- Anne van Kesteren http://annevankesteren.nl/
Received on Thursday, 22 March 2012 09:38:00 UTC