[OpenAjaxSecurity] Fw: IE8 Ajax features announced
jferrai at us.ibm.com
Thu Mar 6 10:06:48 PST 2008
I am forwarding this URL which Bertrand passed our way. Microsoft has
announced some of the features that will be included in IE8. Given previous
the discussion on this list about W3C Access Conrol, I wanted to make sure
people noticed the IE8 cross-domain request feature.
It is quite interesting how minimalistic the IE8 cross-domain request
feature is. It looks to me like the feature does not send referrer URL,
does not allow setting custom HTTP headers and does not send cookies. If I
am correct on these issues, then if you want to send information such as
user credentials with the cross-domain request, those credentials would
have to be included in a POST payload.
The Ajax section may be of interest to the group, in particular the
Cross-document Request and Cross-document Messaging parts.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security