Re: [xhr2] cross site non-GET requests and redirects from Anne van Kesteren on 2007-08-06 (public-webapi@w3.org from August 2007)

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 06 Aug 2007 15:31:39 +0200
To: "Jonas Sicking" <jonas@sicking.cc>
Cc: "Web APIs WG" <public-webapi@w3.org>, "Ian Hickson" <ian@hixie.ch>
Message-ID: <op.twm3u1m864w2qv@annevk-t60.oslo.opera.com>

On Wed, 01 Aug 2007 01:01:55 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> In the implementation I've written, the decision weather to check access  
> control headers is done by comparing the final uri with the requesting  
> uri. So if you're redirected back to the original server no  
> access-control check is done.

Ok, I've integrated this now in the XMLHttpRequest level 2 draft (support  
for cross-site XMLHttpRequest). I've not yet included Referer-Root:

   http://dev.w3.org/2006/webapi/XMLHttpRequest-2/Overview.html


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Monday, 6 August 2007 13:32:07 UTC