On 24/12/2011 1:32 a.m., Amos Jeffries wrote:
> Now that tools are being implemented to access the cache manager via
> http:// scheme we need to accomodate the browser XSS protection
> mechanisms which limit XHR based scripts abilities.
>
> This adds CORS headers to manager responses. Permitting XHR to view
> the Server header (to detect squid version for known capabilities) and
> to flag that the XHR request may need access to credentials for
> authenticating with the manager.
>
> This also closes the feature bug 3407 requesting we support the
> non-standard "Origin:" header, which is used by the CORS mechanisms.
>
> Future work:
> Support the OPTIONS request used by CORS to detect requirements
> before POSTing. We do not yet use POST in the main code so that is
> left until needed.
>
> Amos
>
Applied to trunk.
Amos
Received on Fri Dec 30 2011 - 03:51:02 MST
This archive was generated by hypermail 2.2.0 : Fri Dec 30 2011 - 12:00:13 MST