016358.html | searchcode

/lists.whatwg.org/pipermail/whatwg-whatwg.org/2008-September/016358.html

https://github.com/whatwg/whatwg.org · HTML · 72 lines · 60 code · 5 blank · 7 comment · 0 complexity · 6989925330d82dd76a38d21a7e734963 MD5 · raw file

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [whatwg] WebSocket websocket-origin
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:whatwg%40lists.whatwg.org?Subject=Re%3A%20%5Bwhatwg%5D%20WebSocket%20websocket-origin&In-Reply-To=%3Cop.uh8969an64w2qv%40annevk-t60.oslo.opera.com%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="016343.html">
   <LINK REL="Next"  HREF="016377.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[whatwg] WebSocket websocket-origin</H1>
<!--htdig_noindex-->
    <B>Anne van Kesteren</B> 
    <A HREF="mailto:whatwg%40lists.whatwg.org?Subject=Re%3A%20%5Bwhatwg%5D%20WebSocket%20websocket-origin&In-Reply-To=%3Cop.uh8969an64w2qv%40annevk-t60.oslo.opera.com%3E"
       TITLE="[whatwg] WebSocket websocket-origin">annevk at opera.com
       </A><BR>
    <I>Mon Sep 29 11:41:23 PDT 2008</I>
    <P><UL>
        <LI>Previous message: <A HREF="016343.html">[whatwg] Dealing with UI redress vulnerabilities inherent to the current web
</A></li>
        <LI>Next message: <A HREF="016377.html">[whatwg] WebSocket websocket-origin
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#16358">[ date ]</a>
              <a href="thread.html#16358">[ thread ]</a>
              <a href="subject.html#16358">[ subject ]</a>
              <a href="author.html#16358">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--/htdig_noindex-->
<!--beginarticle-->
<PRE>What is the reason for doing literal comparison on the websocket-origin  
and websocket-location HTTP headers? Access Control for Cross-Site  
Requests is currently following this design for  
access-control-allow-origin but sicking is complaining about so maybe it  
should be URL-without-&lt;path&gt; comparison instead. (E.g., then  
<A HREF="http://example.org">http://example.org</A> and <A HREF="http://example.org:80">http://example.org:80</A> would be equivalent.)


-- 
Anne van Kesteren
&lt;<A HREF="http://annevankesteren.nl/">http://annevankesteren.nl/</A>&gt;
&lt;<A HREF="http://www.opera.com/">http://www.opera.com/</A>&gt;

</PRE>

<!--endarticle-->
<!--htdig_noindex-->
    <HR>
    <P><UL>
        <!--threads-->
	<LI>Previous message: <A HREF="016343.html">[whatwg] Dealing with UI redress vulnerabilities inherent to the current web
</A></li>
	<LI>Next message: <A HREF="016377.html">[whatwg] WebSocket websocket-origin
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#16358">[ date ]</a>
              <a href="thread.html#16358">[ thread ]</a>
              <a href="subject.html#16358">[ subject ]</a>
              <a href="author.html#16358">[ author ]</a>
         </LI>
       </UL>

<hr>
<a href="http://lists.whatwg.org/listinfo.cgi/whatwg-whatwg.org">More information about the whatwg
mailing list</a><br>
<!--/htdig_noindex-->
</body></html>