- From: Robin Berjon <robin@berjon.com>
- Date: Wed, 18 Nov 2009 12:59:40 +0100
- To: "SULLIVAN, BRYAN L (ATTCINW)" <BS3131@att.com>
- Cc: "Marcos Caceres" <marcosc@opera.com>, "WebApps WG" <public-webapps@w3.org>
On Nov 9, 2009, at 20:22 , SULLIVAN, BRYAN L (ATTCINW) wrote: > (1) we need to be specific about which API's / resource types are affected by inclusion (or exclusion) of domains in <access> (and keep this equivalent to HTML5) We're very specific: it's a blanket exclusion. Now I can be sensitive to an argument indicating that the default is defined by the security policy of the host language, in which case we need to also clarify which default to pick when there are several (HTML for instance has different origin rules for file:// and http://). My primary objection is that it's pretty late to have this discussion, the restriction has been there for months. -- Robin Berjon - http://berjon.com/
Received on Wednesday, 18 November 2009 12:00:19 UTC