Sunday, February 24, 2008

W3C draft on a 'policy' to allow webapps to selectively loosen the same-origin restriction


The news feed from W3C has been thick since new year and I still haven't had time to catch up with it all. One of the news items from a fortnight ago is on Access Control for Cross-site Requests. It's from the Web Application Formats Working Group (first time for me) that has published a W3C Working Draft on Access Control for Cross-site Requests (14 February 2008). In the introduction it's revealed what it's all about:

Web application technologies commonly apply same-origin restrictions to network requests. These restrictions prevent a Web application running from one origin from obtaining data retrieved from another origin, and also limit the amount of unsafe HTTP requests that can be automatically launched toward destinations that differ from the running application's origin.

It sounds truly great if this can be brought up to speed with current use and needs, though I'll admit I'm a bit skeptical about advances on these kinds of specifications and not least the following implementation. Later it says:

This specification is a building block for other specifications, so-called hosting specifications, which will define the precise model by which this specification is used. Among others, such specifications are likely to include XMLHttpRequest Level 2, XBL 2.0, and HTML 5 (for its server-sent events feature).

Sooooo, this could take some time to get into common use, as with P3P, XHTML 5 (how about just XHTML 1.0 browser support). Some things just take time and the requirements seem solid enough.