- From: Adam Barth <w3c@adambarth.com>
- Date: Thu, 3 Dec 2009 09:40:34 -0800
- To: Tyler Close <tyler.close@gmail.com>
- Cc: Daniel Stenberg <daniel@haxx.se>, Joe Gregorio <joe@bitworking.org>, "Manger, James H" <James.H.Manger@team.telstra.com>, public-web-security@w3.org
On Thu, Dec 3, 2009 at 9:36 AM, Tyler Close <tyler.close@gmail.com> wrote: > SOP does allow some mucking around with the domain name topology (via > document.domain), but AFAIK, this wouldn't allow foo.example.com to > PUT to bar.example.com. Actually, it does if both foo.example.com and bar.example.com opt in by setting their document.domain property to "example.com". Yes, document.domain is an abomination. Newer APIs rightfully ignore it. Adam
Received on Thursday, 3 December 2009 17:41:31 UTC