On Fri, 08 Aug 2008 11:20:44 +0200, Julian Reschke <[EMAIL PROTECTED]>
wrote:
Anne van Kesteren wrote:
On Fri, 08 Aug 2008 08:28:48 +0200, Jonas Sicking <[EMAIL PROTECTED]>
wrote:
Anne van Kesteren wrote:
My plan is to simply require Access-Control-Allow-Origin to hold the
ASCII serialization of an origin (see HTML5) and have a literal
comparison of that with the value of Origin. This would be quite
strict, but should be fine I think.
That is fine, though I'm inclined to think that the trailing slash
should be allowed in the HTML5 syntax for an origin.
That would would preclude string comparison though and require
something less trivial.
How would that preclude string comparison? (->
<http://greenbytes.de/tech/webdav/rfc3986.html#comparison-string>)
If it is merely allowed and not always there you can't perform string
comparison but instead have to strip the trailing slash first or something
like that, etc.
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
