[webkit-dev] Allowing webkit clients to extend XHR security policy

Alexey Proskuryakov ap at webkit.org
Thu Apr 9 21:03:42 PDT 2009

On 09.04.2009, at 22:38, Aaron Boodman wrote:

> The local scheme feature is actually more powerful than just XHR

If you only need extensions to do XHR, why not just make them use  
cross-origin XHR? That way, the extension won't even need to declare  
the origins it's going to access - all checks will be server-side, as  
with normal cross-origin XHR.

- WBR, Alexey Proskuryakov

More information about the webkit-dev mailing list