[whatwg] WebSocket websocket-origin

Anne van Kesteren annevk at opera.com
Mon Sep 29 11:41:23 PDT 2008


What is the reason for doing literal comparison on the websocket-origin  
and websocket-location HTTP headers? Access Control for Cross-Site  
Requests is currently following this design for  
access-control-allow-origin but sicking is complaining about so maybe it  
should be URL-without-<path> comparison instead. (E.g., then  
http://example.org and http://example.org:80 would be equivalent.)


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>



More information about the whatwg mailing list