- From: Anne van Kesteren <annevk@opera.com>
- Date: Fri, 08 Aug 2008 11:35:44 +0200
- To: "Julian Reschke" <julian.reschke@gmx.de>
- Cc: "Jonas Sicking" <jonas@sicking.cc>, "Sunava Dutta" <sunavad@windows.microsoft.com>, "Maciej Stachowiak" <mjs@apple.com>, "Sharath Udupa" <Sharath.Udupa@microsoft.com>, "Zhenbin Xu" <Zhenbin.Xu@microsoft.com>, "Gideon Cohn" <gidco@windows.microsoft.com>, "public-webapps@w3.org" <public-webapps@w3.org>, "IE8 Core AJAX SWAT Team" <ieajax@microsoft.com>
On Fri, 08 Aug 2008 11:20:44 +0200, Julian Reschke <julian.reschke@gmx.de> wrote: > Anne van Kesteren wrote: >> On Fri, 08 Aug 2008 08:28:48 +0200, Jonas Sicking <jonas@sicking.cc> >> wrote: >>> Anne van Kesteren wrote: >>>> My plan is to simply require Access-Control-Allow-Origin to hold the >>>> ASCII serialization of an origin (see HTML5) and have a literal >>>> comparison of that with the value of Origin. This would be quite >>>> strict, but should be fine I think. >>> >>> That is fine, though I'm inclined to think that the trailing slash >>> should be allowed in the HTML5 syntax for an origin. >> That would would preclude string comparison though and require >> something less trivial. > > How would that preclude string comparison? (-> > <http://greenbytes.de/tech/webdav/rfc3986.html#comparison-string>) If it is merely allowed and not always there you can't perform string comparison but instead have to strip the trailing slash first or something like that, etc. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Friday, 8 August 2008 09:36:21 UTC