- From: Anne van Kesteren <annevk@opera.com>
- Date: Wed, 17 Jun 2009 22:01:28 +0200
- To: "Tyler Close" <tyler.close@gmail.com>
- Cc: "Mark Nottingham" <mnot@mnot.net>, public-webapps@w3.org
On Wed, 17 Jun 2009 19:45:54 +0200, Tyler Close <tyler.close@gmail.com> wrote: > I believe the described heuristics provide complete coverage for > resources behind my company's firewall. Is there a common firewall > configuration you are concerned about? I do not know enough about firewall setups to make an informed comment on that, but I do not think it is my responsibility to show that your proposal does not have / has flaws. If you make your proposal a bit more concrete and manage to convince one or vendors to support it we should definitely consider it, but until that time this is not much to go by, in my opinion. > The proposed solution uses both heuristics and configuration, not > relying solely on either for protection. > > If this technique can in practice provide adequate protection, it is a > much better solution than CORS, which undermines HTTP and webarch in a > number of ways (all discussed previously and again raised by mnot). I do not think CORS undermines HTTP or webarch. I do think that if your proposal would actually work that'd be pretty neat. -- Anne van Kesteren http://annevankesteren.nl/
Received on Wednesday, 17 June 2009 20:02:16 UTC