- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Wed, 29 Aug 2007 02:03:05 -0500
- To: Maciej Stachowiak <mjs@apple.com>
- CC: "Web API WG (public)" <public-webapi@w3.org>
Maciej Stachowiak wrote: > Any definition of a same-origin policy would have to define how to > determine the hostname and port. For what it's worth, an origin in Gecko also includes the scheme. This handles things like http-to-https access (not allowed), unknown schemes (only same-origin with another URI for that same unknown scheme no matter what) and so forth well. -Boris P.S. If we do want to specify what an "origin" is we should perhaps also think about URI schemes that do not have a host and port.
Received on Wednesday, 29 August 2007 07:03:23 UTC