Ian Hickson wrote:
* message.domain isn't actually enough to verify any security, given that
on shared hosts one IP address can map to several hostnames and thus people
can end up running servers on different ports that respond to requests from
domains they don't own.
* message.uri can leak information, e.g. if the user's password is in the
query component of the URI.
Good catches on both; I agree these changes make sense.
I've replaced both with .origin, which is intended to return the
scheme://hostname/ or scheme://hostname:port/ (when the port is non-standard)
of the origin of the source document.
I assume you meant without the trailing slash, given that that's actually part
of the path?
This doesn't sound like it should be too hard to implement, although the manual
splicing-out of the username/password from the origin is slightly worrying (if
entirely necessary) from a careful-manipulation-is-tricky point of view. I
don't see any other option, tho, on that point.
Jeff
