Re: XHR: definition of same-origin from Boris Zbarsky on 2007-09-26 (public-webapi@w3.org from September 2007)

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 26 Sep 2007 09:06:08 -0500
To: Anne van Kesteren <annevk@opera.com>
CC: Maciej Stachowiak <mjs@apple.com>, "Web API WG (public)" <public-webapi@w3.org>
Message-ID: <46FA6750.1030805@mit.edu>

Anne van Kesteren wrote:
> Yes. If I get all this stuff correctly a script could be running on 
> bar.com using the XMLHttpRequest from another frame which is on 
> foo.bar.com. Depending on which definition is used it can either access 
> bar.com or foo.bar.com content (but not both), right?

Basically, yes.

-Boris

Received on Wednesday, 26 September 2007 14:06:46 UTC