On Mon, 11 Feb 2008, John Panzer wrote:
>
> My point here is just that there are existing mechanisms that are
> already deployed in the field to deal with these attacks. And to plead,
> as a side note, not to block the use of such mechanisms for AC4CSR...

I'm not sure we could block them if we tried. :-)

(Though they might need to use different headers, of course -- we
obviously can't allow scripts doing cross-origin requests to arbitrarily
change HTTP authentication headers.)

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
