Closed Bug 416968 Opened 12 years ago Closed 12 years ago
remove support for deny clauses in Access Control
Support for the deny="" pseudo-attribute on <?access-control?> and "deny" ruleset on the Access-Control HTTP header should be removed from the implementation as it has been removed from the specification on request of Jonas Sicking. They are not necessary given that the server can be easily configured to reject cross-site requests and there's an exclude clause to denote exceptions to the allow clause already.
Assignee: nobody → jonas
Flags: blocking1.9? → blocking1.9+
Priority: -- → P1
We're not doing cross-site XHR for this release due to security concerns :(
Flags: blocking1.9+ → blocking1.9-
This was done as part of bug 389508
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
12 years ago
You need to log in before you can comment on or make changes to this bug.