W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2009

Re: Scientific Literature on Capabilities (was Re: CORS versus Uniform Messaging?)

From: Kenton Varda <kenton@google.com>
Date: Mon, 21 Dec 2009 17:38:13 -0800
Message-ID: <4112ecad0912211738k5b279e94gbc056ecf57b96552@mail.gmail.com>
To: Ian Hickson <ian@hixie.ch>
Cc: Tyler Close <tyler.close@gmail.com>, public-webapps <public-webapps@w3.org>
On Mon, Dec 21, 2009 at 5:31 PM, Ian Hickson <ian@hixie.ch> wrote:

> The most simple cases are also the most common and are by far the cases I
> care the most about. The more complicated cases are authored by more
> competent authors, and can be more complicated (e.g. they don't have to
> use CORS).

It seems to me that anyone who needs cross-origin resources in the first
place, and cannot accept providing *everyone* access to the resource, is
most likely already doing something complicated enough that there is a
significant chance of vulnerabilities.  Non-complicated situations with
these requirements seem relatively rare to me.  But you would know better.
Received on Tuesday, 22 December 2009 01:39:04 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:21 UTC