On Fri, Jul 22, 2011 at 5:55 AM, Dave Cridland <dave@xxxxxxxxxxxx> wrote:
On Fri Jul 22 03:24:41 2011, David Endicott wrote:That's an unfortunate misunderstanding.
there are added inefficiencies. Also the name resolution of the HTTP that
serves the _javascript_ that opens the WS should remain constant. If WS
resolves the host/domain to a different address than the HTTP it was spawned
from, it becomes a method to bypass same-origin / CORS restrictions.
All protocols that use SRV records maintain the target domain.
So a ws://example.com/xyz would still send a Host header of "example.com", whether SRV or not, so there is no impact on same origin policy, CORS, etc.
Dave.
--
Dave Cridland - mailto:dave@xxxxxxxxxxxx - xmpp:dwd@xxxxxxxxxxxxxxxxx
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
_______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf