- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Thu, 20 Sep 2007 11:40:09 -0500
- To: Asbjørn Ulsberg <asbjorn@ulsberg.no>
- CC: Maciej Stachowiak <mjs@apple.com>, "Web API WG (public)" <public-webapi@w3.org>
Asbjørn Ulsberg wrote: > On Wed, 29 Aug 2007 09:03:05 +0200, Boris Zbarsky <bzbarsky@MIT.EDU> wrote: > >> P.S. If we do want to specify what an "origin" is we should perhaps >> also think about URI schemes that do not have a host and port. > > Can't we just reference RFC-3986, section 6.2.2 and 6.2.3? I don't see those saying anything about same-origin. What am I missing? I do think that same-origin checks must be done on fully normalized URIs, of course. Anything else doesn't make sense, really. -Boris
Received on Thursday, 20 September 2007 16:40:25 UTC