W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2006

[whatwg] JSONRequest

From: Gervase Markham <gerv@mozilla.org>
Date: Mon, 13 Mar 2006 18:48:08 +0000
Message-ID: <4415BE68.3010508@mozilla.org>
Darin Fisher wrote:
> Backing up a second, I think what we need is a way to grant websites the
> ability to control who may access their resources.  It'd be ideal if the
> browser had a way to ask the server for the list of hosts (or domains)
> that are permitted to access it.  I don't think this is a new idea as
> several specifications have been attempted along these lines.  Mozilla
> even implements one of them for its SOAP and WSDL implementation.

My idea for that (bit of a one-track mind, me) was a Use-Domain: HTTP
header. The JSON data would be served with "Use-Domain:
www.mydomain.com", and the browser would refuse to give any page not
from that domain access to the data.

You could also use it to prevent image bandwidth stealing.

Gerv
Received on Monday, 13 March 2006 10:48:08 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:45 UTC