Anne van Kesteren

Cross-site Requests

The Web Application Formats Working Group published Access Control for Cross-site Requests. I guess the document can be considered insanely technical and as it is mostly aimed at implementors this could be true. When experimental implementations hit the market I’m sure people will write tutorials and the world will copy and paste. This is how things are working already (see CSS) and it doesn’t appear to be a major problem although some people feel that the W3C specifications should be more approachable. I agree that would be nice. If someone wants to provide detailed feedback to that effect on the Access Control specification please do so! I will most certainly take it into account.

Anyway, the idea of the document is to enable cross-site requests for XMLHttpRequest, XBL, the event-source element, and things like XSLT, et cetera. Pretty neat stuff I think.


  1. In my opinion this is the best and most important thing the W3C is working on right now. Very neat stuff indeed.

    Posted by Sjoerd Visscher at

  2. I don't agree with Sjoerd's statement that this is the most important thing the W3C is working on right now, but I _do_ think cross-site requests are going to provide cool new possibilities. Think about contacting a central resource from different websites, for instance.

    Posted by Bart at

  3. Bart, if we would want that we would just use a request to the server through a scripting language which runs on the server. This is secure and proven safe. I don't see any reason why we would want XmlHttpRequest to go cross site.

    Posted by Simon Rivada at

  4. But it's not always the easiest solution. If cross-site connections can be set up safely in the future, there will no longer be the need of server sided scripts to handle the requests. Not all designers/developers are capable of writing those scripts and next to that it costs extra trouble for a small feature.

    Posted by Bart at