I took a look back to see what AC looked like back in Feb. 2007: * http://www.w3.org/TR/2007/WD-access-control-20070215/
and the spec was very short and says "The policy described is only safe for
HEAD and GET requests. " Things have changed quite a bit since then.
It probably does makes sense to split off AC for XHR from AC for XBL and
VXML.
Jon
Ian Hickson
<[EMAIL PROTECTED]>
Sent by: To
public-webapps-re Thomas Roessler <[EMAIL PROTECTED]>
[EMAIL PROTECTED] cc
Jonas Sicking <[EMAIL PROTECTED]>,
"WAF WG (public)"
06/13/08 01:56 PM <[email protected]>,
[EMAIL PROTECTED]
Subject
Re: [AC] Helping server admins not
making mistakes
On Fri, 13 Jun 2008, Thomas Roessler wrote:
>
> The second requirement above rules out the processing instruction.
> Let's get rid of it.
Do we really think authors of XBL2 and VoiceXML are going to be able to
set headers on their sites? That seems like a much higher barrier to entry
than we should have.
Maybe we should separate Access-Control for XHR from Access-Control for
XBL and VXML?
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
<<inline: graycol.gif>>
<<inline: pic11037.gif>>
<<inline: ecblank.gif>>
