W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: Chromium's support for CORS and UMP

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Tue, 11 May 2010 03:38:23 +0200
To: nathan@webr3.org
Cc: public-webapps <public-webapps@w3.org>
Message-ID: <0sbhu51b6tp3u77qkl5v49i5in5rv9a1ie@hive.bjoern.hoehrmann.de>
* Nathan wrote:
>> If you do not depend on a user's special standing with a third party
>> site, you can configure your server as proxy between your user and the
>> third party site. That's more difficult for you, but easier for users
>> and maintainers of third party sites. If we'd do away with the access
>> restriction, it'd be easier for you, and more difficult for users and
>> third parties. What we have now is largely due to following the path
>> of least resistance (which is probably true for most web technology).

>Is it possible to set up a server as a proxy, where a client side ssl 
>certificate is also proxied through, should the server at the address 
>being proxied request one?

If there is a special relationship between the user and the third party
site, your site would similarily have to have a special relationship
with at least one of them (for example, you might need the user's certi-
ficate). In essence, in this scenario, the third party restricts access
to those who can prove a certain identity; since you are not them, you
cannot do that. This would be a rather broken scenario though, on the
one hand you cannot directly access the third party server because you
lack some user's certificate; on the other hand, you do have access to
it if your server proxies the access over the user's browser (if there
were no access restrictions in place, be those default rules or "CORS"
rules or something along those lines). That is largely the problem that
is sought to be avoided here.
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Tuesday, 11 May 2010 01:38:45 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:24 UTC