Re: Reminder: Conference call: SOR and CORS vs. From Origin from Erik van Blokland on 2011-02-16 (public-webfonts-wg@w3.org from February 2011)

From: Erik van Blokland <erik@letterror.com>
Date: Wed, 16 Feb 2011 15:43:56 +0100
To: "Levantovsky, Vladimir" <Vladimir.Levantovsky@MonotypeImaging.com>
Cc: "public-webfonts-wg@w3.org" <public-webfonts-wg@w3.org>
Message-Id: <F53F5AA3-DFED-462F-AFA6-0F998BE1646A@letterror.com>

On 16 feb 2011, at 02:27, Levantovsky, Vladimir wrote:

> As we discussed and agreed at the last telcon, we will dedicate our next conf. call on Feb. 16 to same-origin restriction and two alternative ways to relax the restriction: CORS and From Origin header.

Would it be possible for someone to post a brief summary of what the from-origin proposal is? I read through the conversation several times, but I might be missing something. 

Who is sending which header to whom?
What is the default?  fiddle to deny? fiddle to allow?
Who has to do the fiddling to make it do something else than the default?
How much work has to be done to make the From Origin work? By whom?

Thanks!

Erik

Received on Wednesday, 16 February 2011 14:44:33 UTC