Re: Why the restriction on unauthenticated GET in CORS?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 19 Jul 2012 16:19:00 +0200
Message-ID: <CADnb78i2ij20bZTu995GuKYx1_8rj5atPDr38TmUEK1SBmDC0g@mail.gmail.com>
To: Cameron Jones <cmhjones@gmail.com>
Cc: Henry Story <henry.story@bblfish.net>, Ian Hickson <ian@hixie.ch>, public-webapps <public-webapps@w3.org>, public-webappsec@w3.org

On Thu, Jul 19, 2012 at 4:10 PM, Cameron Jones <cmhjones@gmail.com> wrote:
> Isn't this mitigated by the Origin header?

No.


> Also, what about the point that this is unethically pushing the costs
> of securing private resources onto public access providers?

It is far more unethical to expose a user's private data.


-- 
http://annevankesteren.nl/
Received on Thursday, 19 July 2012 14:19:33 GMT
