RE: [sysapps/runtime] cross origin XHR in packaged apps

On Apr 3, 2013 1:37 PM, "SULLIVAN, BRYAN L" <bs3131@att.com> wrote:
>
> >
> > There are several ideas in this thread that make using cross-origin
> > communication easier. I just don't see the advantage of packaged web app
> > sharing origin with some arbitrary site, for example when compared to
using
> > WARP.
>
> Something like a WARP based solution requires signing by a trusted
> party. This has at least the following downsides
> * You can't distribute your app without going through a set of
> gate-keepers. And we're trying to avoid building a platform with
> gate-keepers.
> * Whoever does the signing can make mistakes. I.e. it's it's very hard
> to find a cleverly written program that looks harmless, but that
> actually steals the user's information.
>
> <bryan> WARP does not require signing. All it requires is that the UA /
app manager provide a means for the user to be informed about what sites
are requested under the access rules, and to either approve that access or
not. WARP works fine for unsigned apps.

Sorry, I shouldn't have spoken for WARP without learning more about it.

I personally don't think it's a good idea to ask the user which websites an
app should be able to connect to outside of the usual web SOP.

This is a very technical question and very few users are likely to
understand the implications of such a question.

/ Jonas

Received on Monday, 8 April 2013 03:33:23 UTC