[whatwg] Proposal for cross domain security framework

Frode Børli frode at seria.no
Mon Jun 23 05:18:22 PDT 2008


Hi! Thank you for pointing to that document. I quickly scanned trough
it but I have a small problem with the specification: does it require
web servers to check the Origin header? What happens with older web
applications that do not check this header?

Frode


2008/6/23 Anne van Kesteren <annevk at opera.com>:
> On Mon, 23 Jun 2008 09:34:27 +0200, Frode Børli <frode at seria.no> wrote:
>>
>> [...]
>
> I'd suggest looking into the work the W3C has been doing on this for the
> past two years:
>
>  http://dev.w3.org/2006/webapi/XMLHttpRequest-2/
>  http://dev.w3.org/2006/waf/access-control/
>
>
> --
> Anne van Kesteren
> <http://annevankesteren.nl/>
> <http://www.opera.com/>
>



-- 
Best regards / Med vennlig hilsen
Frode Børli
Seria.no

Mobile:
+47 406 16 637
Company:
+47 216 90 000
Fax:
+47 216 91 000


Think about the environment. Do not print this e-mail unless you really need to.

Tenk miljø. Ikke skriv ut denne e-posten dersom det ikke er nødvendig.


More information about the whatwg mailing list