Changes


Cross Site XMLHttpRequest

230 bytes removed, 00:58, 13 February 2007
Security worries
* Should we try to follow these specs even when accessing files on the same domain? From the site's point of view, they can't rely on that anyway, since not all browsers support the access-control spec (and old versions never will).
* What are the security implications of setting up the "real" document before knowing whether access checks will succeed? We could easily make sure the page doesn't get access to the document, but there might be other worries.
* We have to make sure not to notify the onreadystatechange listener or any other listeners until we've done all access control checks. Otherwise it would be possible to check for the availability of files on other servers, even though you couldn't actually read the content.
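
The last point can be shown with a small simulation, added here as an illustration and not taken from this page or from any browser's implementation: state changes are buffered until the access check has run, so a denied file and a nonexistent file look identical to the page. The names `NETWORK`, `accessAllowed`, `gatedLoad`, `observe` and the `allowOrigins` field are assumptions made for the example, and the URLs are constructed.

```javascript
// Constructed sample "network": what a cross-site server would return.
// allowOrigins stands in for the parsed access-control data (assumption).
const NETWORK = {
  "http://other.example/public.xml":  { body: "<ok/>",     allowOrigins: ["http://app.example"] },
  "http://other.example/private.xml": { body: "<secret/>", allowOrigins: [] },
  // "http://other.example/missing.xml" is deliberately absent.
};

// Hypothetical access check; the real rules come from the access-control spec.
function accessAllowed(response, origin) {
  return response.allowOrigins.includes(origin);
}

// Load url on behalf of origin. State changes are buffered, never delivered
// live, so the listener observes nothing until the access check has run.
function gatedLoad(url, origin, listener) {
  const pending = [];
  const response = NETWORK[url];
  if (response) {
    pending.push({ readyState: 2 });                       // headers received
    pending.push({ readyState: 3 });                       // body loading
    pending.push({ readyState: 4, body: response.body });  // done
  }
  if (response && accessAllowed(response, origin)) {
    pending.forEach((e) => listener(e));  // check passed: replay real sequence
  } else {
    // Denied and nonexistent collapse into one generic failure event.
    listener({ readyState: 4, body: null, error: true });
  }
}

// Collect everything a page-level listener would see for one request.
function observe(url, origin) {
  const seen = [];
  gatedLoad(url, origin, (e) => seen.push(e));
  return seen;
}
```

If the listener were instead called as each state was reached, the `private.xml` request would produce `readyState` 2 and 3 events before the denial, while `missing.xml` would not, and that difference is the availability check described above.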