Good to know, thank you. On Fri, Jul 22, 2011 at 5:55 AM, Dave Cridland <[email protected]> wrote:
> On Fri Jul 22 03:24:41 2011, David Endicott wrote: > >> there are added inefficiencies. Also the name resolution of the HTTP >> that >> serves the Javascript that opens the WS should remain constant. If WS >> resolves the host/domain to a different address than the HTTP it was >> spawned >> from, it becomes a method to bypass same-origin / CORS restrictions. >> > > That's an unfortunate misunderstanding. > > All protocols that use SRV records maintain the target domain. > > So a ws://example.com/xyz would still send a Host header of "example.com", > whether SRV or not, so there is no impact on same origin policy, CORS, etc. > > > Dave. > -- > Dave Cridland - mailto:[email protected] - xmpp:[email protected] > - > acap://acap.dave.cridland.net/**byowner/user/dwd/bookmarks/<http://acap.dave.cridland.net/byowner/user/dwd/bookmarks/> > - http://dave.cridland.net/ > Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade >
_______________________________________________ Ietf mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf
