[whatwg] Need to define same-origin policy for WebIDL operations/getters/setters

Boris Zbarsky bzbarsky at MIT.EDU
Fri Jan 11 08:33:51 PST 2013

On 1/11/13 1:29 AM, Adam Barth wrote:
> On Wed, Jan 9, 2013 at 8:21 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
>> Yes, agreed.  For what it's worth, I believe Gecko recently made history not
>> accessible cross-origin anymore
> Do you have a link to the bug where that change was made?


>> Returning null for these is probably fine.  I think I'd support making this
>> list of things return null cross-origin.  Just to check, do you make this
>> determination based on the origin or the effective script origin (in spec
>> terms)?
> The effective script origin.

Good, good.  So implementing this is pretty straightforward; just have 
to watch out for compat issues.  The fact that you guys do it already 
should help with that, hopefully.


More information about the whatwg mailing list