On Tue, 13 May 2008 07:42:59 +0200, Adam Barth <[EMAIL PROTECTED]> wrote:
One option is to rename the header "Sec-Origin", which is already blocked in XHR Level 1.
True, but I think Access-Control-Origin is better as it more clearly indicates what it is related to. And since we can safely do it given that cross-site requests won't work for XMLHttpRequest until Access Control is implemented I think it's acceptable.
-- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
