* Maciej Stachowiak wrote: >The XHR spec doesn't define same-origin. We had a webkit bug filed >differently where we apparently interpreted same-origin differently >than IE or Firefox: <http://bugs.webkit.org/show_bug.cgi?id=15100> > >In particular, we would not consider https://example.com:443/ to be >the same origin as https://example.com/. > >Since this affects interoperability as well as security I would >suggest adding a definition, unless the spec expected to define same- >origin is going to happen soon.
That might make sense, but I am unsure how the bug you mention is relevant here. It seems clear to me that https://example.com:443/ and https://example.com/ are exactly the same resource identifier, just like HTTPS://example.COM is the same as https://example.com/. It seems to me that if we add some kind of definition, we would not make explicit all the scheme-specific equivalence rules, and as such not really clarify the matter for the specific issue you mention. Could you say how you'd envision the fix to address the problem? -- Björn Höhrmann · mailto:[EMAIL PROTECTED] · http://bjoern.hoehrmann.de Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de 68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
