- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 28 Apr 2009 14:41:24 +0200
- To: "WebApps WG" <public-webapps@w3.org>
The specification currently suggests to guard against subdomains. I was wondering why subdomains are called out and not different ports or even completely different domains now that postMessage() is available. Since this particular section keeps talking about domains I was wondering if it has actually been updated to reflect the switch from a domain-based policy to a origin-based policy for storage. It seems that some of the recommendations need to be reworded. -- Anne van Kesteren http://annevankesteren.nl/
Received on Tuesday, 28 April 2009 12:42:20 UTC