On Mon, 29 Sep 2008 19:47:49 +0200, Jonas Sicking <[EMAIL PROTECTED]> wrote:
What says that an origin is not a URI? Sure, many URIs deny access,
but it looks to me like they are still subsets of URIs. If we say that
they are not URIs, why not go all out and invent a new syntax, such as
http.org.example.www:80
to allow the site http://www.example.org? This would reduce confusion
around them being URIs.
However I think it would be better to keep them as URIs, while saying
that if there is a path, or if the URI is not same-origin as the
Origin header then deny access.
I decided not to change this as HTML5 WebSocket is not doing this either.
I did forward your comment:
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2008-September/016358.html
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2008-October/016550.html
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
