[whatwg] JSONRequest

Gervase Markham gerv at mozilla.org
Mon Mar 13 10:48:08 PST 2006


Darin Fisher wrote:
> Backing up a second, I think what we need is a way to grant websites the
> ability to control who may access their resources.  It'd be ideal if the
> browser had a way to ask the server for the list of hosts (or domains)
> that are permitted to access it.  I don't think this is a new idea as
> several specifications have been attempted along these lines.  Mozilla
> even implements one of them for its SOAP and WSDL implementation.

My idea for that (bit of a one-track mind, me) was a Use-Domain: HTTP
header. The JSON data would be served with "Use-Domain:
www.mydomain.com", and the browser would refuse to give any page not
from that domain access to the data.

You could also use it to prevent image bandwidth stealing.

Gerv



More information about the whatwg mailing list