[whatwg] Proposal for cross domain security framework
Frode Børli
frode at seria.no
Mon Jun 23 05:18:22 PDT 2008
Hi! Thank you for pointing to that document. I quickly scanned trough
it but I have a small problem with the specification: does it require
web servers to check the Origin header? What happens with older web
applications that do not check this header?
Frode
2008/6/23 Anne van Kesteren <annevk at opera.com>:
> On Mon, 23 Jun 2008 09:34:27 +0200, Frode Børli <frode at seria.no> wrote:
>>
>> [...]
>
> I'd suggest looking into the work the W3C has been doing on this for the
> past two years:
>
> http://dev.w3.org/2006/webapi/XMLHttpRequest-2/
> http://dev.w3.org/2006/waf/access-control/
>
>
> --
> Anne van Kesteren
> <http://annevankesteren.nl/>
> <http://www.opera.com/>
>
--
Best regards / Med vennlig hilsen
Frode Børli
Seria.no
Mobile:
+47 406 16 637
Company:
+47 216 90 000
Fax:
+47 216 91 000
Think about the environment. Do not print this e-mail unless you really need to.
Tenk miljø. Ikke skriv ut denne e-posten dersom det ikke er nødvendig.
More information about the whatwg
mailing list