- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Wed, 29 Aug 2007 05:25:51 +0200
- To: Maciej Stachowiak <mjs@apple.com>
- Cc: "Web API WG (public)" <public-webapi@w3.org>
* Maciej Stachowiak wrote:
>The XHR spec doesn't define same-origin. We had a webkit bug filed
>differently where we apparently interpreted same-origin differently
>than IE or Firefox: <http://bugs.webkit.org/show_bug.cgi?id=15100>
>
>In particular, we would not consider https://example.com:443/ to be
>the same origin as https://example.com/.
>
>Since this affects interoperability as well as security I would
>suggest adding a definition, unless the spec expected to define
>same-origin is going to happen soon.

That might make sense, but I am unsure how the bug you mention is
relevant here. It seems clear to me that https://example.com:443/ and
https://example.com/ are exactly the same resource identifier, just
like HTTPS://example.COM is the same as https://example.com/. It seems
to me that if we add some kind of definition, we would not make
explicit all the scheme-specific equivalence rules, and as such not
really clarify the matter for the specific issue you mention. Could
you say how you'd envision the fix to address the problem?
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Wednesday, 29 August 2007 03:44:49 UTC
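
The following is an added example, not part of the original message and not code from WebKit or any other browser. It compares origins as a (scheme, host, port) tuple with the scheme's default port filled in, next to a comparison of the authority as written, which reproduces the https://example.com:443/ versus https://example.com/ mismatch discussed in the thread. The names `DEFAULT_PORTS`, `parseOrigin`, `sameOrigin` and `naiveSameOrigin` are hypothetical, and only http and https are handled.

```javascript
// Added example. All function and constant names here are hypothetical.
const DEFAULT_PORTS = new Map([["http", 80], ["https", 443]]);

// Split an absolute http(s) URL into its origin tuple by hand, so that
// each scheme-specific equivalence rule is visible as a separate step.
function parseOrigin(url) {
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):\/\/([^\/?#]*)/.exec(url);
  if (!m) throw new TypeError("not an absolute hierarchical URL: " + url);
  const scheme = m[1].toLowerCase();              // scheme is case-insensitive
  if (!DEFAULT_PORTS.has(scheme)) {
    throw new TypeError("unsupported scheme: " + scheme);
  }
  // Userinfo ("user:pass@") is not part of the origin.
  const authority = m[2].slice(m[2].lastIndexOf("@") + 1);
  // Host is either a bracketed IPv6 literal or everything before the colon.
  const hp = /^(\[[^\]]*\]|[^:]*)(?::(\d*))?$/.exec(authority);
  if (!hp || hp[1] === "") throw new TypeError("bad authority: " + authority);
  const host = hp[1].toLowerCase();               // host is case-insensitive
  // An absent or empty port means the default port of the scheme.
  const port = hp[2] ? Number(hp[2]) : DEFAULT_PORTS.get(scheme);
  if (port > 65535) throw new TypeError("port out of range: " + port);
  return { scheme, host, port };
}

// Origins match only if all three normalized components match.
function sameOrigin(a, b) {
  const x = parseOrigin(a);
  const y = parseOrigin(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Comparison of "scheme://authority" exactly as written. It treats an
// explicit default port and letter case as significant.
function naiveSameOrigin(a, b) {
  const prefix = (u) => {
    const m = /^[^:]+:\/\/[^\/?#]*/.exec(u);
    if (!m) throw new TypeError("not an absolute hierarchical URL: " + u);
    return m[0];
  };
  return prefix(a) === prefix(b);
}
```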