ReinsBrain (talk | contribs) (Created page with "I don't think this (Origin and laxing Same Origin Policy for XMLHttpRequest) is a really good idea for the reasons I have listed in this little article: http://blog.reinpetersen...") |
ReinsBrain (talk | contribs) mNo edit summary |
||
| Line 3: | Line 3: | ||
http://blog.reinpetersen.com/2009/03/same-origin-policy-needs-to-evolve-with.html | http://blog.reinpetersen.com/2009/03/same-origin-policy-needs-to-evolve-with.html | ||
You'll also find the right alternative - an 'opt-in' for web servers on cross domain requests... | You'll also find the right alternative - an 'opt-in' black/white list for web servers on cross domain requests... | ||
Mostly, we're pushing too much onto servers. Why can't the browser determine what exceptions to Same Origin Policy will be made based on a response header containing a white/black list of URLs? Why is Origin even necessary? | |||
Thanks for considering this, I think it is important.... | Thanks for considering this, I think it is important.... | ||
Rein | Rein | ||