On Wed, 01 Aug 2007 01:01:55 +0200, Jonas Sicking <[EMAIL PROTECTED]> wrote:
In the implementation I've written, the decision weather to check access control headers is done by comparing the final uri with the requesting uri. So if you're redirected back to the original server no access-control check is done.
Ok, I've integrated this now in the XMLHttpRequest level 2 draft (support for cross-site XMLHttpRequest). I've not yet included Referer-Root:
http://dev.w3.org/2006/webapi/XMLHttpRequest-2/Overview.html -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
