W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2009

Re: Scientific Literature on Capabilities (was Re: CORS versus Uniform Messaging?)

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 17 Dec 2009 23:46:13 +0000 (UTC)
To: Tyler Close <tyler.close@gmail.com>
Cc: public-webapps <public-webapps@w3.org>
Message-ID: <Pine.LNX.4.62.0912172342280.15825@hixie.dreamhostps.com>
On Thu, 17 Dec 2009, Tyler Close wrote:
> On Thu, Dec 17, 2009 at 9:38 AM, Ian Hickson <ian@hixie.ch> wrote:
> > One of the big reasons to restrict which origin can use a particular 
> > resource is bandwidth management. For example, resources.example.com 
> > might want to allow *.example.com to use its XBL files, but not allow 
> > anyone else to directly use the XBL files straight from 
> > resources.example.com.
> 
> An XBL file could include some JavaScript code that blows up the page if 
> the manipulated DOM has an unexpected document.domain.

This again requires script. I don't deny there are plenty of solutions you 
could use to do this with script. The point is that CORS allows one line 
in an .htaccess file to solve this for all XBL files, all XML files, all 
videos, everything on a site, all at once.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 17 December 2009 23:46:43 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:35 GMT