W3C home > Mailing lists > Public > www-font@w3.org > July to September 2009

Re: the discussion is over, resistance time

From: Thomas Lord <lord@emf.net>
Date: Thu, 02 Jul 2009 17:33:37 -0700
To: "Tab Atkins Jr." <jackalmage@gmail.com>
Cc: Sylvain Galineau <sylvaing@microsoft.com>, luke whitmore <lwhitmore@gmail.com>, "www-font@w3.org" <www-font@w3.org>
Message-Id: <1246581217.6767.193.camel@dell-desktop.example.com>
On Thu, 2009-07-02 at 19:19 -0500, Tab Atkins Jr. wrote:

> Unless I'm *completely* wrong (and I don't think I am, because Anne
> has been very assertive in correcting people about how same-origin and
> CORS works), you're wrong.

> Same-origin restrictions do not affect the server *at all*.  If a
> same-origin restriction is in effect, the *browser* enforces it,
> *after* receiving the resource from the server.


Very briefly:

http://www.w3.org/TR/access-control/

  1 Introduction
  [....]

  Server-side applications are enabled to discover
  that an HTTP request was deemed a cross-origin
  request by the user agent, through the Origin header.

  This extension enables server-side applications to
  enforce limitations on the cross-origin requests that
  they are willing to service.

CORS concedes the right of servers to not serve
up a given resource and constructs a system in which
conforming clients, which we presume most users will
use, help to streamline that process to the benefit
of both parties.

-t
Received on Friday, 3 July 2009 00:34:20 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 11 June 2011 00:14:02 GMT