- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 17 Dec 2009 16:48:42 +0000 (UTC)
- To: Devdatta <dev.akhawe@gmail.com>
- Cc: Kenton Varda <kenton@google.com>, public-webapps <public-webapps@w3.org>
On Wed, 16 Dec 2009, Devdatta wrote: > > hmm.. just a XDR GET on the file at hixie.ch which allows access only if > the request is from damowmow.com ? It couldn't be XDR -- XDR is a script-based mechanism, whereas XBL can be invoked before the root element is parsed. But even assuming the XDR protocol could be extended to XBL, that would require scripting or much more complicated .htaccess rules. With CORS, I can do it with one simple line in .htaccess. Also, as I understand it, XDR sends an "Origin" header, which is what UM is trying to avoid. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 17 December 2009 16:49:29 UTC