Re: CORS from Florian Bösch on 2017-10-10 (public-webapps@w3.org from October to December 2017)

From: Florian Bösch <pyalot@gmail.com>
Date: Tue, 10 Oct 2017 22:55:30 +0200
To: "Jack (Zhan, Hua Ping)" <jackiszhp@gmail.com>
Cc: Jake Archibald <jakearchibald@google.com>, "public-webapps@w3.org" <public-webapps@w3.org>
Message-ID: <CAOK8ODjkxdNSpnxaQevwkbfrZyJ3AOLQS+UdTXOoRBFhe1VJgQ@mail.gmail.com>

On Tue, Oct 10, 2017 at 10:25 PM, Jack (Zhan, Hua Ping) <jackiszhp@gmail.com
> wrote:

> Please comment on "JMBW way of specifying the same origin", why those
> smart people do not implement it this way, why it is not good? Enlight
> me.
>

You mean why is your original self-grant description bad (because it's
self-grant) or why is a sitewide crossdomain.xml not good (because it's
sitewide). To satisfy all use-cases CORS is fine-grained. If you want
something as easy as crossdomain.xml, just add this to your apache config:

Header set Access-Control-Allow-Origin "*"

Received on Tuesday, 10 October 2017 20:55:54 UTC