On Fri Jul 22 03:24:41 2011, David Endicott wrote:
there are added inefficiencies. Also the name resolution of the
HTTP that
serves the Javascript that opens the WS should remain constant.
If WS
resolves the host/domain to a different address than the HTTP it
was spawned
from, it becomes a method to bypass same-origin / CORS restrictions.
That's an unfortunate misunderstanding.
All protocols that use SRV records maintain the target domain.
So a ws://example.com/xyz would still send a Host header of
"example.com", whether SRV or not, so there is no impact on same
origin policy, CORS, etc.
Dave.
--
Dave Cridland - mailto:dave@xxxxxxxxxxxx - xmpp:dwd@xxxxxxxxxxxxxxxxx
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf