- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 06 Oct 2008 15:51:35 +0200
- To: "Jonas Sicking" <jonas@sicking.cc>
- Cc: public-webapps <public-webapps@w3.org>
On Mon, 29 Sep 2008 19:47:49 +0200, Jonas Sicking <jonas@sicking.cc> wrote: > What says that an origin is not a URI? Sure, many URIs deny access, > but it looks to me like they are still subsets of URIs. If we say that > they are not URIs, why not go all out and invent a new syntax, such as > > http.org.example.www:80 > > to allow the site http://www.example.org? This would reduce confusion > around them being URIs. > > However I think it would be better to keep them as URIs, while saying > that if there is a path, or if the URI is not same-origin as the > Origin header then deny access. I decided not to change this as HTML5 WebSocket is not doing this either. I did forward your comment: http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2008-September/016358.html http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2008-October/016550.html -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Monday, 6 October 2008 13:52:18 UTC