Hi Art, All,
Please find below my editorial comments and requests for clarifications
based on the new WD [1]. While it is a long list the comments are all
minor and so hopefully easily addressed. Overall I think the spec is
looking good, for which a lot of thanks must go to Frederick and Marcos!
On Apr 7, 2009, at 06:37 , Jonas Sicking wrote:
On Mon, Apr 6, 2009 at 8:48 AM, Scott Wilson
scott.bradley.wil...@gmail.com wrote:
On 6 Apr 2009, at 15:33, Anne van Kesteren wrote:
You will have this problem regardless of how you solve this issue
if you
do not also require a specific
On Tue, 07 Apr 2009 01:49:13 +0200, Tyler Close tyler.cl...@gmail.com
wrote:
Well, Anne, as I said in the previous paragraph, the one you deleted,
I'm considering an application that does its messaging via
XMLHttpRequest.
Sheesh.
My bad. However, just being able to insert a URI and not do
On Mon, Apr 6, 2009 at 2:09 PM, Bil Corry b...@corry.biz wrote:
Can we please include the Origin header for all same-origin requests,
including GET and HEAD? Or is there a compelling reason why not do to so?
Also, would there be value in having Origin sent for *all* requests, and if
Adam Barth wrote on 4/7/2009 11:54 AM:
On Mon, Apr 6, 2009 at 2:09 PM, Bil Corry b...@corry.biz wrote:
Can we please include the Origin header for all same-origin requests,
including GET and HEAD? Or is there a compelling reason why not do to so?
Also, would there be value in having Origin
During the April 2 widgets call, Frederick raised concerns about
synchronizing the Widgets DigSig spec with XML Signatures 1.1 and
Signature properties [1], given the schedule proposed in [2] which
seeks to help align our widgets specs with BONDI's use of those specs
for their 1.0 RC.
On Tue, Apr 7, 2009 at 10:24 AM, Bil Corry b...@corry.biz wrote:
How set in stone is Origin within CORS?
I don't think we want to impede CORS with these issues. CORS is quite
close to shipping in a number of implementations. I certainly don't
want to hold it hostage.
The ideal scenario would
On Tue, Apr 7, 2009 at 10:38 AM, Tyler Close tyler.cl...@gmail.com wrote:
On Mon, Apr 6, 2009 at 6:31 PM, Jonas Sicking jo...@sicking.cc wrote:
On Mon, Apr 6, 2009 at 5:36 PM, Tyler Close tyler.cl...@gmail.com wrote:
On Mon, Apr 6, 2009 at 5:21 PM, Jonas Sicking jo...@sicking.cc wrote:
On Tue, Apr 7, 2009 at 3:57 PM, Jonas Sicking jo...@sicking.cc wrote:
My point is that having two APIs that are identical and intended to be
used for basically the same thing, except for that they use different
security models, is a security bug waiting to happen.
So you do of course realize
On Tue, Apr 7, 2009 at 4:16 PM, Tyler Close tyler.cl...@gmail.com wrote:
On Tue, Apr 7, 2009 at 3:57 PM, Jonas Sicking jo...@sicking.cc wrote:
My point is that having two APIs that are identical and intended to be
used for basically the same thing, except for that they use different
security
Hello All,
Last summer Mozilla introduced potential Working Group items, among
which was Content Security Policy. We have done a lot of work refining
this proposal and I would like to re-submit it for comment and critique:
https://wiki.mozilla.org/Security/CSP
11 matches
Mail list logo