On Tue, Feb 10, 2009 at 11:37 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > First, scheme is incorrect here as the scheme does not always determine a > specific protocol > (see 'http' is not just for HTTP saga).
I don't understand this level of pedantry, but if you want host-meta to be usable by Web browsers, you should use the algorithm in draft-abarth-origin to compute its scope from its URL. Any deviations from this algorithm will introduce cracks in the browser's security policy. Adam
