Re: Scientific Literature on Capabilities (was Re: CORS versus Uniform Messaging?)

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 18 Dec 2009 01:49:19 +0000 (UTC)
To: Tyler Close <tyler.close@gmail.com>
Cc: public-webapps <public-webapps@w3.org>
Message-ID: <Pine.LNX.4.62.0912180148430.15825@hixie.dreamhostps.com>

On Thu, 17 Dec 2009, Tyler Close wrote:
> 
> Starting from the X-FRAME-OPTIONS proposal, say the response header
> also applies to all embedding that the page renderer does. So it also
> covers <img>, <video>, etc. In addition to the current values, the
> header can also list hostname patterns that may embed the content. So,
> in your case:
> 
> X-FRAME-OPTIONS: *.example.com
> Access-Control-Allow-Origin: *
> 
> Which means anyone can access this content, but sites outside 
> *.example.com should host their own copy, rather than framing or 
> otherwise directly embedding my copy.

Why is this better than:

   Access-Control-Allow-Origin: *.example.com

...?

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 18 December 2009 01:50:03 GMT