- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 19 Jul 2012 15:54:14 +0200
- To: Henry Story <henry.story@bblfish.net>
- Cc: Cameron Jones <cmhjones@gmail.com>, Ian Hickson <ian@hixie.ch>, public-webapps <public-webapps@w3.org>, public-webappsec@w3.org
On Thu, Jul 19, 2012 at 2:43 PM, Henry Story <henry.story@bblfish.net> wrote: > If a mechanism can be found to apply restrictions for private IP ranges then that > should be used in preference to forcing the rest of the web to implement CORS > restrictions on public data. And indeed the firewall servers use private ip ranges, > which do in fact make a good distinguisher for public and non public space. It's not just private servers (there's no guarantee those only use private IP ranges either). It's also IP-based authentication to private resources as e.g. W3C has used for some time. -- http://annevankesteren.nl/
Received on Thursday, 19 July 2012 13:54:45 UTC