[whatwg] Need to define same-origin policy for WebIDL operations/getters/setters
Boris Zbarsky
bzbarsky at MIT.EDU
Fri Jan 11 08:33:51 PST 2013
On 1/11/13 1:29 AM, Adam Barth wrote:
> On Wed, Jan 9, 2013 at 8:21 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
>> Yes, agreed. For what it's worth, I believe Gecko recently made history not
>> accessible cross-origin anymore
>
> Do you have a link to the bug where that change was made?
https://bugzilla.mozilla.org/show_bug.cgi?id=801576
>> Returning null for these is probably fine. I think I'd support making this
>> list of things return null cross-origin. Just to check, do you make this
>> determination based on the origin or the effective script origin (in spec
>> terms)?
>
> The effective script origin.
Good, good. So implementing this is pretty straightforward; just have
to watch out for compat issues. The fact that you guys do it already
should help with that, hopefully.
-Boris
More information about the whatwg
mailing list