
889 Re: JSONRequest

  • collin_jackson
    Oct 14, 2007
      --- In json@yahoogroups.com, "Michael Schwarz" <michael.schwarz@...>
      wrote:
      > Some other questions while implementing a client plugin:

      Can you tell us which platform you are developing a client plugin for?

      > Why only send the domain? Doesn't the complete URI make sense?

      The browser's security policy isn't granular enough to separate URIs
      into separate security contexts, so it would be easy for a site to
      spoof any URI within a given domain by injecting script
      tags into other pages. Also, in Firefox (for example) there are many
      scenarios where a page has a URI that does not specify a domain
      (about:blank, or a javascript: URI) yet the page does have a domain
      according to the browser.

      To make this header match the browser's security policy, it would be
      possible to set a header of the form scheme://domain:port (with no
      path included), but I'm not sure whether this is necessary.
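
An added example, not part of the original message or of the JSONRequest proposal: a sketch of deriving a header value of the form scheme://domain:port from a page URI, showing that two paths in one domain collapse to the same security context and that about:blank or javascript: URIs carry no domain of their own. The function names and the `browserAssignedOrigin` parameter are hypothetical.

```javascript
// Hypothetical helpers for illustration; sample URIs in the usage are constructed.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return "scheme://domain:port" (no path) for a page URI, or null when the
// URI itself names no domain (about:blank, javascript:, data:, ...).
function originOfUri(uri) {
  const u = new URL(uri);
  if (!u.hostname || !(u.protocol in DEFAULT_PORTS)) return null;
  // URL drops the port when it is the scheme default, so restore it.
  const port = u.port || DEFAULT_PORTS[u.protocol];
  return `${u.protocol}//${u.hostname}:${port}`;
}

// Value a client would send: taken from the URI when it names a domain,
// otherwise the domain the browser itself attributes to the page
// (assumption: the caller can obtain that from the browser).
function headerValueForPage(pageUri, browserAssignedOrigin) {
  return originOfUri(pageUri) ?? browserAssignedOrigin ?? null;
}

// Two pages share a security context when scheme, domain and port match;
// the path plays no part, which is why sending the full URI adds nothing
// a server could rely on.
function sameSecurityContext(uriA, uriB) {
  const a = originOfUri(uriA);
  return a !== null && a === originOfUri(uriB);
}

console.log(originOfUri("http://example.com/app/a.html"));
console.log(sameSecurityContext("http://example.com/app/a.html",
                                "http://example.com/other/b.html"));
console.log(headerValueForPage("about:blank", "http://example.com:80"));
```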