Re: [whatwg] Need to define same-origin policy for WebIDL operations/getters/setters

On 1/11/13 1:29 AM, Adam Barth wrote:
> On Wed, Jan 9, 2013 at 8:21 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
>> Yes, agreed.  For what it's worth, I believe Gecko recently made history not
>> accessible cross-origin anymore
>
> Do you have a link to the bug where that change was made?

https://bugzilla.mozilla.org/show_bug.cgi?id=801576

>> Returning null for these is probably fine.  I think I'd support making this
>> list of things return null cross-origin.  Just to check, do you make this
>> determination based on the origin or the effective script origin (in spec
>> terms)?
>
> The effective script origin.

Good, good.  So implementing this is pretty straightforward; just have 
to watch out for compat issues.  The fact that you guys do it already 
should help with that, hopefully.

-Boris

Received on Friday, 11 January 2013 16:34:24 UTC