RE: A way forward

I believe there is a simple work-around to resolve this problem. Root string in EOT-Lite does not have to be empty, it may contain the domain name of the origin that will simply be ignored by all other browsers except IE. When EOT-Lite is processed by Firefox and other browsers – the root string is ignored and same origin restriction is applied. For legacy IE browsers – the root string will serve the same purpose of same origin restriction and, therefore, no need to require Referrer checking.


Technically that’d work but it also defeats one of the main purposes of the original proposal which was to get us all out of the rootstring management nightmare.

Received on Friday, 24 July 2009 22:28:08 UTC