W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2010

Re: [UMP] Server opt-in

From: Adam Barth <w3c@adambarth.com>
Date: Tue, 12 Jan 2010 12:58:01 -0800
Message-ID: <7789133a1001121258u17cbbdf6ye03d957ef5d99d94@mail.gmail.com>
To: public-webapps <public-webapps@w3.org>
Cc: Tyler Close <tyler.close@gmail.com>
[Resending from the correct address.]

> In the current draft of UMP, the client can opt-in to UMP by choosing
> to use the UniformMessaging API, but the server is unable to force
> clients to use UMP because the way the server opts into the protocol
> is by returning the Access-Control-Allow-Origin header.
> Unfortunately, when the server returns the Access-Control-Allow-Origin
> header, the server also opts into the CORS and XDomainRequest
> protocols.  The server operator might be reticent to opt into these
> protocols if he or she is worried about ambient authority.
>
> I recommend using a new header, like "Allow-Uniform-Messages: level-1"
> so that servers can opt into UMP specifically.
>
> Adam
>
Received on Tuesday, 12 January 2010 20:58:54 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:36 GMT