W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: Chromium's support for CORS and UMP

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Tue, 11 May 2010 02:48:10 +0200
To: nathan@webr3.org
Cc: public-webapps <public-webapps@w3.org>
Message-ID: <8a8hu51tq5tk54joutlc1jkvede7v0148r@hive.bjoern.hoehrmann.de>
* Nathan wrote:
>Personally, I don't follow why JS running in a user agent should have 
>completely different access rules to the rest of the web, primarily 
>because a few site admin's feel it's a good idea to expose sensitive 
>data via IP-based auth on intranets / on the web via stateful sessions 
>on a stateless protocol.

If you do not depend on a user's special standing with a third party
site, you can configure your server as proxy between your user and the
third party site. That's more difficult for you, but easier for users
and maintainers of third party sites. If we'd do away with the access
restriction, it'd be easier for you, and more difficult for users and
third parties. What we have now is largely due to following the path
of least resistance (which is probably true for most web technology).
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Tuesday, 11 May 2010 00:48:33 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:24 UTC