On 8 Mar 2005 at 19:09, Chris Holland wrote: > How about requiring from a service that it sets an extra HTTP header > to offer its content to "foreign" hosts: > > X-Allow-Foreign-Host: All | None | .someforeigndomain.com | > .somehost.someforeigndomain.com
I think that's a neat idea (and I was about to post something similar). Perhaps we can simply extend the XMLHttpRequest functionality saying that the UA should do a HEAD request and check for this header before throwing an exception if a cross-domain connection is attempted? -- Hallvord Reiar Michaelsen Steen http://www.hallvord.com/ Note: mail to hallvors at online.no will still be read but you may want to start using hallvord at hallvord.com instead