W3C home > Mailing lists > Public > whatwg@whatwg.org > September 2008

[whatwg] WebSocket websocket-origin

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 29 Sep 2008 14:41:23 -0400
Message-ID: <op.uh8969an64w2qv@annevk-t60.oslo.opera.com>
What is the reason for doing literal comparison on the websocket-origin  
and websocket-location HTTP headers? Access Control for Cross-Site  
Requests is currently following this design for  
access-control-allow-origin but sicking is complaining about so maybe it  
should be URL-without-<path> comparison instead. (E.g., then  
http://example.org and http://example.org:80 would be equivalent.)


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Monday, 29 September 2008 11:41:23 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:05 UTC