
Why preflight per-resource rather than per-origin?

From: Mark S. Miller <erights@google.com>
Date: Thu, 17 Dec 2009 13:24:56 -0800
Message-ID: <4d2fac900912171324g640fa7a4gdf088ef85097070d@mail.gmail.com>
To: public-webapps <public-webapps@w3.org>

Despite the costs of doing preflight opt-in on a per-resource basis rather
than a per-origin basis, to meet its security goals, CORS proposes to do
preflight on a per-resource basis. I have seen the rationale for this stated
in bits and pieces. Can anyone point me at a reasonably self-contained
statement for why we need preflight on a per-resource rather than a
per-origin basis? If there's nothing adequate to point at, could someone
state a reasonably self-contained rationale for this? Thanks.

Received on Thursday, 17 December 2009 21:28:29 UTC
