Re: Origin

Adam Barth wrote:
> On Fri, May 30, 2008 at 2:02 PM, Jonas Sicking <jonas@sicking.cc> wrote:
>> With Access-Control-Origin it is easy to block all cross-site requests where
>> the requesting site can read the resulting data.
> 
> If you think this is an important use case, why not add a specific
> header that says "this is a cross-site XMLHttpRequest" instead of
> overloading the Access-Control-Origin header?

What I think is needed is a "this is a cross-site Access-Control 
request". Which I think is pretty close to what Access-Control-Origin was.

/ Jonas

Received on Friday, 30 May 2008 21:51:21 UTC