Closed
Bug 416968
Opened 16 years ago
Closed 16 years ago
remove support for deny clauses in Access Control
Categories
(Core :: DOM: Core & HTML, defect, P1)
Tracking
()
RESOLVED
FIXED
People
(Reporter: annevk, Assigned: sicking)
References
Details
Support for the deny="" pseudo-attribute on <?access-control?> and "deny" ruleset on the Access-Control HTTP header should be removed from the implementation as it has been removed from the specification on request of Jonas Sicking. They are not necessary given that the server can be easily configured to reject cross-site requests and there's an exclude clause to denote exceptions to the allow clause already.
Reporter | ||
Updated•16 years ago
|
Flags: blocking1.9?
Updated•16 years ago
|
Assignee: nobody → jonas
Flags: blocking1.9? → blocking1.9+
Priority: -- → P1
Assignee | ||
Comment 1•16 years ago
|
||
We're not doing cross-site XHR for this release due to security concerns :(
Flags: blocking1.9+ → blocking1.9-
Assignee | ||
Comment 2•16 years ago
|
||
This was done as part of bug 389508
Assignee | ||
Updated•16 years ago
|
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•