[whatwg] Behavior when <script> is removed from DOM

Mark S. Miller erights at google.com
Thu Dec 8 16:31:13 PST 2011


On Thursday, December 8, 2011, Yehuda Katz wrote:

>
> I'm probably still misunderstanding, but the current security
> infrastructure of the web supports cross-origin XHR only with a new kind of
> explicit server opt-in that most APIs do not support.
>


In that case you are understanding correctly. My point was that *except for
the lack of this header*, the rest of this JSONP API is just a one liner.


-- 
    Cheers,
    --MarkM



More information about the whatwg mailing list