The two cross-domain mechanism are similar, you're right that there should be an implementation independent setting for the user, so that s/he should not have to deal with implementation specific settings.
On Tue, Jul 27, 2010 at 12:00 PM, Niklas Gustavsson <[email protected]> wrote: > Hi > > We currently handle the Flash based crossdomain.xml and the upcoming > Access-Control-Allow-Origin in different ways in our code. How about, > instead of setting a path to a crossdomain.xml file, we allow the user > to provide a list of allowed domains. That way, we can create a > response to /crossdomain.xml on the fly as well as correctly set > Access-Control-Allow-Origin. Also, I think we should default both of > these to only allow access from the domain the BoshServlet runs on. > > If this sounds good, I'll go ahead and make the changes. > > /niklas >
