W3C home > Mailing lists > Public > public-webapi@w3.org > August 2007

XHR: definition of same-origin

From: Maciej Stachowiak <mjs@apple.com>
Date: Tue, 28 Aug 2007 20:04:24 -0700
Message-Id: <EB99F2FC-B7FB-4CE9-8A87-894FAE62DBC3@apple.com>
To: "Web API WG (public)" <public-webapi@w3.org>

The XHR spec doesn't define same-origin. We had a webkit bug filed  
differently where we apparently interpreted same-origin differently  
than IE or Firefox: <http://bugs.webkit.org/show_bug.cgi?id=15100>

In particular, we would not consider https://example.com:443/ to be  
the same origin as https://example.com/.

Since this affects interoperability as well as security I would  
suggest adding a definition, unless the spec expected to define same- 
origin is going to happen soon.

Received on Wednesday, 29 August 2007 03:04:35 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:57 UTC