Isn't the solution just the suborigin header? Userdir URLs almost certainly predate client-side scripting; it's not like the browser people haven't had a chance to think about this. If they think...
Userdir URLs almost certainly predate client-side scripting; it's not like the browser people haven't had a chance to think about this. If they think https://university.edu/~professor and https://university.edu/~student are controlled by mutually trusting entities, they're just wrong.
Isn't the solution just the
suborigin
header?Userdir URLs almost certainly predate client-side scripting; it's not like the browser people haven't had a chance to think about this. If they think
https://university.edu/~professor
andhttps://university.edu/~student
are controlled by mutually trusting entities, they're just wrong.