On Mon, 08 Feb 2010 18:01:18 +0100, Julian Reschke <julian.resc...@gmx.de>
wrote:
> Is re-binding == spoofing? Does
> <http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.15.3> help,
> or does it need to be updated (Thomas; HTTPbis will gladly accept your
> input ;-).

As far as I can tell DNS rebinding is possible because clients observe TTL
and can be prevented by servers carefully checking the Host header. The
solutions clients can employ have potential drawbacks:
http://en.wikipedia.org/wiki/DNS_rebinding
I.e. it seems to be something different.

> HTML5 defines when two origins are the same, but it's remarkably silent
> about the so-called "same-origin policy". The information may be there,
> but it's not obvious where it is.

I think you are right in that it does not actually explain what it is. You
filed a bug on the matter so hopefully it gets resolved in due course.
--
Anne van Kesteren
http://annevankesteren.nl/
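
Added example, not part of the original message: a sketch of the server-side Host header check mentioned above as a DNS rebinding defence. The host names, port and function names are constructed for illustration.

```python
import re

# Names and ports this server legitimately answers to (constructed values).
ALLOWED_HOSTS = {"router.example", "127.0.0.1", "[::1]"}
ALLOWED_PORTS = {8080}

# reg-name / IPv4 or bracketed IPv6 literal, optional ":port", nothing else.
_HOST_RE = re.compile(
    r"(?P<host>\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::(?P<port>[0-9]{1,5}))?"
)

def parse_host(value, default_port=80):
    """Split a Host header value into (host, port); None if malformed."""
    m = _HOST_RE.fullmatch(value.strip())
    if m is None:
        return None
    host = m.group("host").lower()           # host names are case-insensitive
    if not host.startswith("["):
        host = host.rstrip(".")              # "router.example." is the same name
    if not host:
        return None
    port = int(m.group("port")) if m.group("port") else default_port
    if not 0 < port < 65536:
        return None
    return host, port

def host_is_acceptable(host_headers, default_port=80):
    """True only for exactly one Host header naming an allowed host and port.

    After a rebind the browser connects to this server's IP address but still
    sends the name from the page's URL, so the Host value is not one of ours.
    """
    if len(host_headers) != 1:               # missing or duplicated header
        return False
    parsed = parse_host(host_headers[0], default_port)
    if parsed is None:
        return False
    host, port = parsed
    return host in ALLOWED_HOSTS and port in ALLOWED_PORTS
```

A server would call `host_is_acceptable` before routing and answer anything else with a 400 response.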