- From: Devdatta <dev.akhawe@gmail.com>
- Date: Wed, 16 Dec 2009 22:04:31 -0800
- To: Ian Hickson <ian@hixie.ch>
- Cc: Kenton Varda <kenton@google.com>, public-webapps <public-webapps@w3.org>
> > Another example would be an XBL binding file on hixie.ch that is > accessible only to pages on damowmow.com. With CORS I can do this with one > line in my .htaccess file. I don't see how to do it at all with UM. > Seems to me that these examples can just as easily be done with IE's XDomainRequest. Are there examples for CORS which can't be done by UM/XDR ? Cheers devdatta 2009/12/16 Ian Hickson <ian@hixie.ch>: > On Wed, 16 Dec 2009, Kenton Varda wrote: >> >> Without the benefit of full context (I only started following this list >> recently), I'd like cautiously to suggest that the UM solution to Ian's >> "challenge" seems awkward because the challenge is itself a poor design, >> and UM tends to be more difficult to work with when used to implement >> designs that are poor in the first place. >> >> Specifically -- and note that I'm not sure I follow all the details, so >> I could be missing things -- it seems that the challenge calls for site >> B to be hard-coded to talk to site A. In a better world, site B would >> be able to talk to any site that provides feeds in the desired format. > > A concrete example of the example I was talking about is Google's Finance > GData API. There's a fixed URL on A (Google's site) that represents my > finance information. There's a site B (my portal page) that is hard-coded > to fetch that data and display it. I'm logged into A, I'm not logged into > B, and I've told A (Google) that it's ok to give B access to my financial > data. Today, this involves a complicated set of bouncing back and forth. > With CORS, it could be done with zero server-side scripting -- the file > could just be statically generated with an HTTP header that grants > permission to my portal to read the page. > > Another example would be an XBL binding file on hixie.ch that is > accessible only to pages on damowmow.com. With CORS I can do this with one > line in my .htaccess file. I don't see how to do it at all with UM. > > >> So imagine, for example, that when the user visits site A originally, >> the site can somehow tell the browser "I would like to provide a >> capability implementing the com.example.Feed interface. The URL for >> this capability is [something unguessable].". Then, when the user >> visits site B, it has a "socket" for an object implementing >> "com.example.Feed". When the user clicks on this "socket", the browser >> pops up a list of com.example.Feed implementations that it knows about, >> such as the one from site A. The user can then click on that one and >> thus hook up the sites. > > As a user, in both the finance case and XBL case, I don't want any UI. I > just want it to Work. > > -- > Ian Hickson U+1047E )\._.,--....,'``. fL > http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. > Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.' > >
Received on Thursday, 17 December 2009 06:05:31 UTC