On Nov 22, 2:03 pm, Lucas Adamski <[EMAIL PROTECTED]> wrote: > Yes, my understanding is that Access Control is actually intended as a > generic cross-site server policy mechanism, and XHR is just its first > implementation.
Anne confirmed that it's not intended to be XHR-only, however it's not intended for all types of requests either. He specifically said it would not work for <iframe> due to cross-site scripting issues. - Bil _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
