On Fri, May 30, 2008 at 2:02 PM, Jonas Sicking <[EMAIL PROTECTED]> wrote:
> With Access-Control-Origin it is easy to block all cross-site requests where
> the requesting site can read the resulting data.

If you think this is an important use case, why not add a specific header that says "this is a cross-site XMLHttpRequest" instead of overloading the Access-Control-Origin header?

Adam