On Wed, 24 Jun 2009 19:22:35 +0200, Henry S. Thompson <[email protected]>
wrote:
One point of clarification: my (admittedly imperfect) understanding
was that the most important parts of CORS have to be implemented
_server_-side for the proposal to achieve its goals. If that's true,
browser deployment alone is insufficient. Is that a misunderstanding
on my part?
As was pointed out elsewhere in this thread it was.
I was wondering if the TAG considers this item closed or wishes to know
something more, in which case I'd like to hear about it! I'm trying to
wrap up email threads and this is one of them. Thanks!
Kind regards,
PS: The remainder of this thread about redirects and CSRF is being taken
care of by updates to both CORS and the Origin header draft Adam is
working on. In short Origin will most likely become a space-separated list
revealing the entire request chain.
--
Anne van Kesteren
http://annevankesteren.nl/
