This document:Public document·View comments·Disposition of Comments·
Nearby:Mobile Web Best Practices Working Group Other specs in this tool Mobile Web Best Practices Working Group's Issue tracker
Quick access to LC-2267 LC-2268 LC-2269 LC-2270 LC-2289 LC-2316 LC-2317 LC-2318 LC-2319 LC-2320 LC-2321 LC-2322 LC-2323 LC-2324 LC-2327 LC-2328 LC-2329 LC-2358 LC-2359 LC-2360
Previous: LC-2268
From a quick review, section 4.2.9.3 looks vastly improved. I'll solicit the WSC WG's opinions on the changed version; speaking personally, I'm happy with the current text. I would like to call out a specific point in 4.2.9.2: > Proxies must preserve security between requests for domains that are > not same-origin in respect of cookies and scripts. It is probably worthwhile to call out in non-normative security considerations what that actually means -- namely, fairly heavy rewriting of scripts along the lines of what CaJa does, and rewriting of cookies to emulate the behavior that a browser would otherwise show.