- From: Jonas Sicking <jonas@sicking.cc>
- Date: Wed, 22 Sep 2010 12:36:15 -0700
- To: Anne van Kesteren <annevk@opera.com>
- Cc: Julian Reschke <julian.reschke@gmx.de>, Webapps WG <public-webapps@w3.org>
On Wed, Sep 22, 2010 at 12:26 PM, Anne van Kesteren <annevk@opera.com> wrote: > On Wed, 22 Sep 2010 21:20:09 +0200, Jonas Sicking <jonas@sicking.cc> wrote: >> >> On Wed, Sep 22, 2010 at 12:16 PM, Anne van Kesteren <annevk@opera.com> >> wrote: >>> >>> We don't want to keep updating the "safe" list. So they're all "unsafe". >>> Or >>> maybe not "unsafe", just not compatible with HTML forms. >> >> What we're really concerned about here is the HTML/SVG/web/whathaveyou >> same-origin security model that browsers implement and servers >> generally rely on. This model only allows cross-origin requests that >> use get/head/post-with-some-content-types. So that might be the term >> to use here. > > What term? > > "simple methods" is by the way just an indication of whether they follow the > "simple cross-origin request" set of steps. "simple" has nothing to do with > "safe". They are distinct terms. I was thinking of "same-origin security model". But as long as this is just an editorial issue, I really don't care about what wording is used. / Jonas
Received on Thursday, 23 September 2010 02:40:38 UTC