[EMAIL PROTECTED] wrote:
> I've updated the proposal to make this aspect a bit more clear:
> http://people.mozilla.org/~bsterne/site-security-policy/details.html
The documentation for Request-Source is now more complete, but it's a
bit jumbled. I would make bullet 4 into bullet 2, and remove the s
Terri wrote:
> There's no way for the
> external content provider to say "no, that's an action-causing script,
> we don't let other people use that" on requests that are "safe".
That's right - because if there was, we'd have to do checks on every
cross-domain request a page made. And the performa