Close, Tyler J. wrote:
Anne van Kesteren wrote:
On Wed, 06 Feb 2008 23:05:17 +0100, Close, Tyler J. <[EMAIL PROTECTED]> wrote:
What mechanism is the WG recommending for assigning accountability for a
cross-domain request? It seems some mechanism must be recommended, since
the WG has eliminated the status quo approach.
What is recommended for this for cross-site GET and POST today?
Today, browsers and sites cooperate to prevent cross-domain requests. This WG
is proposing a mechanism for the two to agree on the exchange of cross-domain
requests, but is doing so in a way that prevents use of the status quo
mechanism for assigning accountability, as currently used for non-cross-domain
requests.
You can today perform cross-site POST requests using normal HTML
<form>s. This works much the same way.
Another way to look at it is: if you host web pages on your web server,
who do you hold accountable today? The person creating the webpage, or
the person whose cookies or auth credentials you receive?
/ Jonas