On Nov 9, 2009, at 20:22 , SULLIVAN, BRYAN L (ATTCINW) wrote:
> (1) we need to be specific about which API's / resource types are affected by 
> inclusion (or exclusion) of domains in <access> (and keep this equivalent to 
> HTML5)

We're very specific: it's a blanket exclusion. Now I can be sensitive to an 
argument indicating that the default is defined by the security policy of the 
host language, in which case we need to also clarify which default to pick when 
there are several (HTML for instance has different origin rules for file:// and 
http://). My primary objection is that it's pretty late to have this 
discussion, the restriction has been there for months.

-- 
Robin Berjon - http://berjon.com/




Reply via email to