W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2012

Re: Why the restriction on unauthenticated GET in CORS?

From: Cameron Jones <cmhjones@gmail.com>
Date: Fri, 20 Jul 2012 17:55:56 +0100
Message-ID: <CALGrges7Nkc6aJAt5UN1bMHjX31Vhvk5MKwsV3GL_ZVkaXr_BQ@mail.gmail.com>
To: Adam Barth <w3c@adambarth.com>
Cc: Anne van Kesteren <annevk@annevk.nl>, Henry Story <henry.story@bblfish.net>, Ian Hickson <ian@hixie.ch>, public-webapps <public-webapps@w3.org>, public-webappsec@w3.org
On Fri, Jul 20, 2012 at 4:50 PM, Adam Barth <w3c@adambarth.com> wrote:
> On Fri, Jul 20, 2012 at 4:37 AM, Cameron Jones <cmhjones@gmail.com> wrote:
>> So, this is a non-starter. Thanks for all the fish.
>
> That's why we have the current design.

Yes, i note the use of the word "current" and not "final".

Ethics are a starting point for designing technology responsibly. If
the goals can not be met for valid technological reasons then that it
a unfortunate outcome and one that should be avoided at all costs.

The costs of supporting legacy systems has real financial implications
notwithstanding an ethical ideology. If those costs become too great,
legacy systems loose their impenetrable pedestal.

The architectural impact of supporting for non-maintained legacy
systems is that web proxy intermediates are something we will all have
to live with.

Thanks,
Cameron Jones
Received on Friday, 20 July 2012 16:56:25 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:54 GMT