- From: Anne van Kesteren <annevk@opera.com>
- Date: Sun, 14 Mar 2010 11:06:58 +0100
On Sun, 14 Mar 2010 02:45:26 +0100, Brett Zamir <brettz9 at yahoo.com> wrote: >>> Servers are already free to obtain and mix in content from other >>> sites, so why can't client-side HTML JavaScript be similarly empowered? >> >> Because you would also have access to e.g. IP-authenticated servers. > > As suggested above, could a header be required on compliant browsers to > send a header along with their request indicating the originating > server's domain? No, existing servers would still be vulnerable. -- Anne van Kesteren http://annevankesteren.nl/
Received on Sunday, 14 March 2010 03:06:58 UTC