Maciej Stachowiak wrote:
> Any definition of a same-origin policy would have to define how to
> determine the hostname and port.
For what it's worth, an origin in Gecko also includes the scheme. This handles
things like http-to-https access (not allowed), unknown schemes (only
same-origin with another URI for that same unknown scheme no matter what) and so
forth well.
-Boris
P.S. If we do want to specify what an "origin" is we should perhaps also think
about URI schemes that do not have a host and port.
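
An added example, not part of the original message and not Gecko code: a same-origin check over the (scheme, host, port) triple discussed above. The `KNOWN_PORTS` table, the function names and the sample URIs are assumptions made for illustration; a scheme missing from the table is treated as "unknown" and compared by scheme alone, which is one reading of the rule described in the message.

```javascript
// Illustrative model only. Schemes in this table are treated as "known"
// host-based schemes; the table itself is an assumption of this example.
const KNOWN_PORTS = { "http:": "80", "https:": "443", "ftp:": "21" };

function originOf(uri) {
  let u;
  try {
    u = new URL(uri);
  } catch (e) {
    return null; // unparsable: has no origin in this model
  }
  const scheme = u.protocol; // e.g. "https:"
  if (!(scheme in KNOWN_PORTS)) {
    // Unknown scheme: host and port may not exist at all, so the
    // origin in this model is the scheme by itself.
    return { scheme, host: null, port: null };
  }
  // URL.port is "" when the default port is used, so fill it in
  // to make "http://h/" and "http://h:80/" compare equal.
  return { scheme, host: u.hostname, port: u.port || KNOWN_PORTS[scheme] };
}

function sameOrigin(a, b) {
  const x = originOf(a);
  const y = originOf(b);
  if (x === null || y === null) return false;
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Constructed sample pairs.
const samples = [
  ["http://example.com/a", "http://example.com:80/b"],   // same origin
  ["http://example.com/", "https://example.com/"],       // scheme differs
  ["https://example.com/", "https://example.com:8443/"], // port differs
  ["foo:abc", "foo:xyz"],                                // same unknown scheme
  ["foo://example.com/", "http://example.com/"],         // unknown vs known
];
for (const [a, b] of samples) {
  console.log(a, b, sameOrigin(a, b));
}
```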