W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: Chromium's support for CORS and UMP

From: Nathan <nathan@webr3.org>
Date: Tue, 11 May 2010 01:57:59 +0100
Message-ID: <4BE8AB97.6090208@webr3.org>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
CC: public-webapps <public-webapps@w3.org>
Bjoern Hoehrmann wrote:
> * Nathan wrote:
>> Personally, I don't follow why JS running in a user agent should have 
>> completely different access rules to the rest of the web, primarily 
>> because a few site admin's feel it's a good idea to expose sensitive 
>> data via IP-based auth on intranets / on the web via stateful sessions 
>> on a stateless protocol.
> 
> If you do not depend on a user's special standing with a third party
> site, you can configure your server as proxy between your user and the
> third party site. That's more difficult for you, but easier for users
> and maintainers of third party sites. If we'd do away with the access
> restriction, it'd be easier for you, and more difficult for users and
> third parties. What we have now is largely due to following the path
> of least resistance (which is probably true for most web technology).

Thanks Bjoern,

Is it possible to set up a server as a proxy, where a client side ssl 
certificate is also proxied through, should the server at the address 
being proxied request one?

Best,

Nathan
Received on Tuesday, 11 May 2010 00:59:16 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:38 GMT