- From: Jonas Sicking <jonas@sicking.cc>
- Date: Fri, 08 Aug 2008 09:49:52 -0700
- To: Anne van Kesteren <annevk@opera.com>
- Cc: Julian Reschke <julian.reschke@gmx.de>, Sunava Dutta <sunavad@windows.microsoft.com>, Maciej Stachowiak <mjs@apple.com>, Sharath Udupa <Sharath.Udupa@microsoft.com>, Zhenbin Xu <Zhenbin.Xu@microsoft.com>, Gideon Cohn <gidco@windows.microsoft.com>, "public-webapps@w3.org" <public-webapps@w3.org>, IE8 Core AJAX SWAT Team <ieajax@microsoft.com>
Anne van Kesteren wrote: > On Fri, 08 Aug 2008 11:38:55 +0200, Jonas Sicking <jonas@sicking.cc> wrote: >> String comparison is not going to be ok either way. The following two >> origins are equivalent: >> >> http://www.foo.com >> http://www.foo.com:80 > > My proposal was to treat those as non-equivalent. Basically, to require > Access-Control-Allow-Origin to have the same value as Origin. The downside with doing that is that we can't use the same syntax for Access-Control as for postMessage. (Yes, I'm still intending to get postMessage fixed, haven't had time yet though). Not sure how big the value is in that though... / Jonas
Received on Friday, 8 August 2008 16:51:29 UTC