Closed Bug 416968 Opened 12 years ago Closed 12 years ago

remove support for deny clauses in Access Control

Categories

(Core :: DOM: Core & HTML, defect, P1)

x86
Linux
defect

Tracking

()

RESOLVED FIXED

People

(Reporter: annevk, Assigned: sicking)

References

Details

Support for the deny="" pseudo-attribute on <?access-control?> and "deny" ruleset on the Access-Control HTTP header should be removed from the implementation as it has been removed from the specification on request of Jonas Sicking.

They are not necessary given that the server can be easily configured to reject cross-site requests and there's an exclude clause to denote exceptions to the allow clause already.
Flags: blocking1.9?
Assignee: nobody → jonas
Flags: blocking1.9? → blocking1.9+
Priority: -- → P1
We're not doing cross-site XHR for this release due to security concerns :(
Flags: blocking1.9+ → blocking1.9-
This was done as part of bug 389508
Blocks: xxx
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
No longer blocks: xxx
Depends on: xxx
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.