- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 08 Jul 2008 21:50:46 +0200
- To: "Sunava Dutta" <sunavad@windows.microsoft.com>
- Cc: "WebApps WG" <public-webapps@w3.org>
Hi, In theory XDomainRequest can now use a profiled version of the Access Control for Cross-Site Requests specification as long as the credentials flag is false, it does not allow setting any headers other than those in the whitelist, and the HTTP method is GET or POST. I believe this is what XDomainRequest is limited to today. Servers would only need to use the Access-Control-Origin header (all headers are ignored anyway by the client if you keep within the outlined limits) and XDomainRequest clients would only need to check that header. Let me know if there are any questions regarding this. Kind regards, -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Tuesday, 8 July 2008 19:51:20 UTC