
[whatwg] JSONRequest

From: Gervase Markham <gerv@mozilla.org>
Date: Tue, 21 Mar 2006 00:20:40 +0000
Message-ID: <441F46D8.5030604@mozilla.org>
Chris Holland wrote:
> That's where the extra HTTP header would come in:
> "X-Allow-Foreign-Hosts": Forcing developers who expose such a service,
> to make the conscious choice to expose data to the world, what Jim
> refers to as "OPT-IN". 

I believe the usual objection to this (which was raised when I suggested
something similar) is that some services respond to requests by doing
something - therefore, a model which allows cross-site requests has to
check that the request is permitted before making it, not before
processing the result.

I believe the Mozilla Foundation has done some work in this area using a
top-level site-wide XML document to specify what services can be
accessed cross-domain; but I don't know the details. Perhaps someone
else can chime in with them.

Gerv
Received on Monday, 20 March 2006 16:20:40 UTC
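
Added example, not part of the original message: a constructed in-memory model of the objection above, comparing a client that looks for the "X-Allow-Foreign-Hosts" opt-in on the response with one that checks permission before sending. The service object, its policy flag, the header value and the request fields are assumptions made for illustration; they are not a real browser API or the Mozilla policy format.

```javascript
// Constructed model: a service whose handler changes state when called.
function makeService(optsIn) {
  const state = { deleted: 0 };
  return {
    state,
    // Hypothetical site-wide policy, readable without calling the service.
    policy: { allowForeignHosts: optsIn },
    handle(request) {
      state.deleted += 1; // side effect happens as soon as the request arrives
      // Header name is from the thread; the value "yes" is constructed.
      const headers = optsIn ? { "X-Allow-Foreign-Hosts": "yes" } : {};
      return { headers, body: "deleted " + request.path };
    },
  };
}

// Model A: send the request, then look for the opt-in header on the response.
function checkAfterRequest(service, request) {
  const response = service.handle(request);
  if (!("X-Allow-Foreign-Hosts" in response.headers)) {
    return { delivered: null }; // result withheld from the calling page
  }
  return { delivered: response.body };
}

// Model B: consult the policy first and send only when it permits.
function checkBeforeRequest(service, request) {
  if (!service.policy.allowForeignHosts) {
    return { delivered: null }; // request never leaves the client
  }
  return { delivered: service.handle(request).body };
}

// Run the same cross-site request against a service that has NOT opted in.
function runDemo(optsIn) {
  const req = { method: "POST", path: "/items/1", origin: "https://other.example" };
  const a = makeService(optsIn);
  const b = makeService(optsIn);
  const resA = checkAfterRequest(a, req);
  const resB = checkBeforeRequest(b, req);
  return {
    afterModel: { delivered: resA.delivered, sideEffects: a.state.deleted },
    beforeModel: { delivered: resB.delivered, sideEffects: b.state.deleted },
  };
}

console.log(runDemo(false));
```

In both models the calling page receives nothing from the service that has not opted in, but only the check-before model leaves the service's state untouched.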
