On Mon, 08 Feb 2010 18:01:18 +0100, Julian Reschke <julian.reschke@gmx.de> wrote:
> Is re-binding == spoofing? Does
> <http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.15.3> help,
> or does it need to be updated (Thomas; HTTPbis will gladly accept your
> input ;-).

As far as I can tell DNS rebinding is possible because clients observe TTL and can be prevented by servers carefully checking the Host header. The solutions clients can employ have potential drawbacks:

   http://en.wikipedia.org/wiki/DNS_rebinding

I.e. it seems to be something different.

> HTML5 defines when two origins are the same, but it's remarkably silent
> about the so-called "same-origin policy". The information may be there,
> but it's not obvious where it is.

I think you are right in that it does not actually explain what it is. You filed a bug on the matter so hopefully it gets resolved in due course.

-- 
Anne van Kesteren
http://annevankesteren.nl/

Received on Monday, 8 February 2010 17:14:58 UTC
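
An added example, not part of the original message: a server-side Host header check of the kind the message mentions as a DNS rebinding defence. The names ALLOWED_HOSTS, normalize_host and host_is_allowed, and the sample host names, are assumptions made for illustration.

```python
# Added example: Host header allowlist as a server-side DNS rebinding defence.
# All names and sample host values here are hypothetical / constructed.
import ipaddress

ALLOWED_HOSTS = {"intranet.example", "127.0.0.1", "::1"}  # constructed sample config


def normalize_host(header_value):
    """Return the canonical host from a Host header value, or None if malformed."""
    if not header_value:
        return None                                # missing or empty Host header
    value = header_value.strip()
    if value.startswith("["):                      # IPv6 literal, e.g. [::1]:8080
        end = value.find("]")
        if end == -1:
            return None
        try:
            host = str(ipaddress.IPv6Address(value[1:end]))
        except ValueError:
            return None
        rest = value[end + 1:]
    else:
        host, sep, port = value.partition(":")
        rest = sep + port
        host = host.rstrip(".").lower()            # "Example.COM." equals "example.com"
    if rest:                                       # anything after the host must be :digits
        port = rest[1:]
        if not (rest.startswith(":") and port.isascii() and port.isdigit()):
            return None
    if not host or any(c in host for c in " /@\\,"):
        return None
    return host


def host_is_allowed(header_value, allowed=ALLOWED_HOSTS):
    """True only when the request names a host this server is configured to serve.

    After a rebind the browser still sends the attacker-controlled name in Host,
    so a request that reaches this server under a foreign name is refused.
    """
    host = normalize_host(header_value)
    return host is not None and host in allowed
```

A server applying this check would answer any request for which host_is_allowed returns False with an error status before routing it.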