W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2009

[whatwg] Canvas origin-clean should not ignore Access Control for Cross-Site Requests

From: Robert O'Callahan <robert@ocallahan.org>
Date: Sat, 14 Mar 2009 22:34:25 +1300
Message-ID: <11e306600903140234u49097cb7o193c03f6cc15d9cb@mail.gmail.com>
On Sat, Mar 14, 2009 at 12:53 PM, Hans Schmucker <hansschmucker at gmail.com>wrote:

> Question is: what would be the best way to fix it? Of course the spec
> could be changed for video and image, but wouldn't it be simpler to
> update the defintion of origins to include patterns that can represent
> allow rules?
>

I don't think changing the definition of origins is the right way to go. It
seems better to define a category of "public" resources, specify that a
resource served with "Access-Control-Allow-Origin: *" is "public", and have
<canvas.> treat public resources specially.

Rob
-- 
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090314/8f46cc56/attachment.htm>
Received on Saturday, 14 March 2009 02:34:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:47:49 GMT