W3C Working Draft for Access Control for Cross-Site Requests Published
"This document defines a mechanism to enable client-side cross-site
requests. Specifications that want to enable cross-site requests in an API
they define can use the algorithms defined by this specification. If such
an API is used on http://example.org resources, a resource on
http://hello-world.example can opt in using the mechanism
described by this specification (e.g., specifying
Access-Control-Allow-Origin: http://example.org as response
header), which would allow that resource to be fetched cross-site from
http://example.org."
Table of Contents
- 1. Introduction
- 2. Conformance Criteria
- 3. Security Considerations
- 4. Syntax
- 4.1
Access-Control-Allow-OriginHTTP Response Header - 4.2
Access-Control-Max-AgeHTTP Response Header - 4.3
Access-Control-Allow-CredentialsHTTP Response Header - 4.4
Access-Control-Allow-MethodsHTTP Response Header - 4.5
Access-Control-Allow-HeadersHTTP Response Header - 4.6
OriginHTTP Request Header - 4.7
Access-Control-Request-MethodHTTP Request Header - 4.8
Access-Control-Request-HeadersHTTP Request Header
- 4.1
- 5. Processing Model
Read More: http://www.w3.org/TR/2008/WD-access-control-20080912/
Comments
All Comments are Moderated and will be delayed!
Post a comment