W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: Chromium's support for CORS and UMP

From: Nathan <nathan@webr3.org>
Date: Tue, 11 May 2010 15:03:50 +0100
Message-ID: <4BE963C6.7090506@webr3.org>
To: Boris Zbarsky <bzbarsky@MIT.EDU>
CC: public-webapps <public-webapps@w3.org>
Boris Zbarsky wrote:
> On 5/11/10 1:10 AM, Nathan wrote:
[!snip]

Boris, all,

I honestly don't have the solutions (as you can easily see) - what I can 
see is that with CORS as it stands, and with same origin rules, then the 
web is about as safe as it can get from xss, which is crucial. This 
won't change, and after 5 years of WIP and wide deployment it most 
likely can't change.

I can also see a situation ahead [1] where the both safety and openness 
need to be addressed at the same time - but that's probably years off 
for the general web population & may well require accountability / web 
of trust etc.

Thus, dropped for now - I have to adopt anyway so may as well do it asap 
and encourage others the same (esp once it hits recommendation).

One request though, does anybody have a chart or note of UA support for 
CORS? (even partial definitely doesn't work in x,y,z)

[1] http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0553.html

Best,

Nathan
Received on Tuesday, 11 May 2010 14:05:09 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:38 GMT