Re: CORS from Jake Archibald on 2017-10-10 (public-webapps@w3.org from October to December 2017)

From: Jake Archibald <jakearchibald@google.com>
Date: Tue, 10 Oct 2017 21:55:02 +0000
To: "Jack (Zhan, Hua Ping)" <jackiszhp@gmail.com>
Cc: "public-webapps@w3.org" <public-webapps@w3.org>
Message-ID: <CAPy=JooTWbLe+OxrAA_mwGT5H=ioW+Lb53f4o3eGU0jebZ1krQ@mail.gmail.com>

On Tue, 10 Oct 2017, 21:25 Jack (Zhan, Hua Ping), <jackiszhp@gmail.com>
wrote:

> Either
> Adobe has changed their design after W3C published its stupid design
> in 2005 or I misunderstood Adobe's way which is possible though I do
> not think it is probable.
>

I think it's probable you misunderstood. Maybe you made the same mistake as
this person? https://stackoverflow.com/a/2653708

Please comment on "JMBW way of specifying the same origin", why those
> smart people do not implement it this way, why it is not good? Enlight
> me.

Your proposal would expose users' personal data, such as emails, to any
attacker that wants them. Users, including myself, wouldn't be too happy
about this. Thankfully, smart people realised that.

Received on Tuesday, 10 October 2017 21:55:38 UTC