W3C home > Mailing lists > Public > www-font@w3.org > July to September 2009

Re: Same-origin policies (Re: The other party in all this)

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Tue, 7 Jul 2009 10:09:23 -0500
Message-ID: <dd0fbad0907070809j648da489uf24d4c6e4a6e693c@mail.gmail.com>
To: Bert Bos <bert@w3.org>
Cc: www-font@w3.org
On Tue, Jul 7, 2009 at 4:44 AM, Bert Bos<bert@w3.org> wrote:
> Tab Atkins Jr. wrote:
>
>> While I agree, are you trying to suggest that people think that
>> CORS/same-origin restrictions carry ownership information with them in
>> any way?
>
> "Ownership" isn't exactly the word I'm looking for, but the adoption of CORS
> to express licenses implies that the author of http://example.com/A  has a
> certain right over http://example.com/B (or vice versa, depending on which
> links to which). That would depend *only* on the similarity of their URLs,
> CORS offers no way to negate that relation.

As Aryeh says, this is true *most* of the time, or at least often
enough to work in practice.

> The Web architecture document[1] says that such inferences from URLs should
> not be made. Two URLs are either the same or different. There is nothing in
> between.
>
> [1] http://www.w3.org/TR/2004/REC-webarch-20041215/#uri-opacity

In general, multiple features of the modern web privilege the origin
section of a url specially.  If that rec says differently, then it
does not match reality.

~TJ
Received on Tuesday, 7 July 2009 15:10:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 11 June 2011 00:14:02 GMT