- From: João Eiras <joaoe@opera.com>
- Date: Fri, 25 May 2012 13:27:02 +0200
- To: whatwg@lists.whatwg.org
On Thu, 24 May 2012 23:02:00 +0200, Maciej Stachowiak <mjs@apple.com> wrote: > > I agree. Even though there are still legacy features like cookies and > document.domain that use domain-based security, most of the Web platform > uses origin-based security, and that has proved to be a sounder model. > While I acknowledge the use cases for exposing location.domain, it's > also likely to become an attractive nuisance that pulls developers in > the wrong direction. > Although I understand this opinion and agree with it, the domain based security checks are used for cross frame interaction, cookies, security certificates, etc, therefore it has to be specified and documented. I don't think adding a location.tld property or location.topDomain would pull developers away from anything. It would just make the legacy domain based security checks a bit more easy to handle and understand. It's the specifications and APIs that tell which security model to use, not the developer.
Received on Friday, 25 May 2012 11:27:59 UTC