Anne van Kesteren wrote:
On Fri, 30 May 2008 20:08:24 +0200, Jonas Sicking <[EMAIL PROTECTED]> wrote:
However IMHO it makes more sense as an extra level of security. To
deal with servers supporting actions that the server administrator is
unaware of or wasn't thinking of when enabling Access-Control.
Ok. It's not really clear to me whether this extra level is needed or
desired, as it further complicates the original proposal. With all the
other proposals you're making it overall becomes much more complex and
harder for authors to grasp what they have to do to get it right.
I'd be interested in hearing feedback from Maciej / Apple / WebKit on
this proposal.
I'd be equally interested to hear Operas opinion. A while back you said
that you were going to consult with your security guys, but I'm not sure
that I saw a followup to that.
Is Opera ok with that enabling Access-Control always enables the full
set of possible combinations of methods and headers?
/ Jonas
