Julian Reschke wrote:
Anne van Kesteren wrote:
On Fri, 08 Aug 2008 08:28:48 +0200, Jonas Sicking <[EMAIL PROTECTED]>
wrote:
Anne van Kesteren wrote:
My plan is to simply require Access-Control-Allow-Origin to hold
the ASCII serialization of an origin (see HTML5) and have a literal
comparison of that with the value of Origin. This would be quite
strict, but should be fine I think.
That is fine, though I'm inclined to think that the trailing slash
should be allowed in the HTML5 syntax for an origin.
That would would preclude string comparison though and require
something less trivial.
How would that preclude string comparison? (->
<http://greenbytes.de/tech/webdav/rfc3986.html#comparison-string>)
String comparison is not going to be ok either way. The following two
origins are equivalent:
http://www.foo.com
http://www.foo.com:80
/ Jonas
