W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: [widgets] WARP default policy

From: Mark S. Miller <erights@google.com>
Date: Tue, 4 May 2010 14:56:46 -0700
Message-ID: <AANLkTilEJ5XugjLX0Ic1uEigbCQfG2yL8ATfQ73qaXOE@mail.gmail.com>
To: Jonas Sicking <jonas@sicking.cc>
Cc: Scott Wilson <scott.bradley.wilson@gmail.com>, public-webapps WG <public-webapps@w3.org>
On Tue, May 4, 2010 at 2:45 PM, Jonas Sicking <jonas@sicking.cc> wrote:

> > If these were limited to Uniform Messages, how much of a need would there
> > still be to disallow them? What would the remaining threats be?
>
> Would it allow reading resources behind corporate firewalls using a
> browser running on a computer behind said firewall?
>
>
Only if the resource responds with an "Access-Control-Allow-Origin: *"
header.



-- 
    Cheers,
    --MarkM
Received on Tuesday, 4 May 2010 21:57:17 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:38 GMT