Anne van Kesteren wrote:
I think HTML5 needs to define this as my understanding is that document.domain is also relevant in deciding whether or not a request is same-origin.
Actually, I don't think it is. I know IE and Gecko ignore document.domain for the existing same-origin checks... Gecko used to take it into account, but of course that broke sites given that IE ignores it.
-Boris
