On Sat, 01 Sep 2007 01:59:32 +0200, Jonas Sicking <[EMAIL PROTECTED]> wrote:
Thomas Roessler wrote:
Apparently, the Mozilla folks have announced support for the
access-control spec, and caused some buzz about it.
I've dropped some pointers to this WG's public comment address.
I tried to reply on the blog the forwarded message links to, but it
seems to have comments disabled at this point.
Unfortunately the guy doesn't seem to neither have read the relevant
specs, nor done even the most basic testing. None of the attacks he
describe work, or rely on bugs in the server that would already allow
XSS attacks.
The latest Firefox3 alpha does have access-control support for XHR,
though using a now outdated spec. I plan on updating to the latest spec
soon.
Cool! The most notable thing I noticed was that it implements the
Content-Access-Control header as opposed to Access-Control, but I haven't
played much with the implementation so far...
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
