Darin Fisher wrote: > Backing up a second, I think what we need is a way to grant websites the > ability to control who may access their resources. It'd be ideal if the > browser had a way to ask the server for the list of hosts (or domains) > that are permitted to access it. I don't think this is a new idea as > several specifications have been attempted along these lines. Mozilla > even implements one of them for its SOAP and WSDL implementation.
My idea for that (bit of a one-track mind, me) was a Use-Domain: HTTP header. The JSON data would be served with "Use-Domain: www.mydomain.com", and the browser would refuse to give any page not from that domain access to the data. You could also use it to prevent image bandwidth stealing. Gerv
