- From: Jonas Sicking <jonas@sicking.cc>
- Date: Tue, 13 Jul 2010 08:12:03 -0700
- To: Anne van Kesteren <annevk@opera.com>
- Cc: public-webapps@w3.org, Jaka Jančar <jaka@kubje.org>
On Tue, Jul 13, 2010 at 3:47 AM, Anne van Kesteren <annevk@opera.com> wrote: > On Tue, 13 Jul 2010 12:35:02 +0200, Jaka Jančar <jaka@kubje.org> wrote: >> >> What I'd like is a global (per-host) way to disable these limitations all >> at once, giving XHR unrestricted access to the host, just like native apps >> have it. > > It used to be a mostly "global" per-resource switch, but the security folks > at Mozilla thought that was too dangerous and we decided to go with the > granular approach they proposed. This happened during a meeting in the > summer of 2008 at Microsoft. I do not believe anything has changed meanwhile > so this will probably not happen. This does not match my recollection of our requirements. The most important requirements that we had was that it was possible to opt in on a very granular basis, and that it was possible to opt in without getting cookies. Also note that the latter wasn't possible before we requested it and so this users requirements would not have been fulfilled if it wasn't for the changes we requested. Anyhow if we want to reopen discussions about syntax for the various headers that cors uses, for example to allow '*' as value, then I'm ok with that. Though personally I'd prefer to just ship this thing as it's a long time coming. / Jonas
Received on Tuesday, 13 July 2010 15:12:56 UTC