W3C home > Mailing lists > Public > www-style@w3.org > July 2011

Re: css3-fonts: should not dictate usage policy with respect to origin

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 30 Jun 2011 20:14:54 -0400
Message-ID: <4E0D117E.5020201@mit.edu>
To: www-style@w3.org
On 6/30/11 6:55 PM, Glenn Adams wrote:
> if EvilCompany does not include an Origin header in its request

EvilCompany doesn't get to generate its request.  EvilCompany relies on 
requests the user's browser makes.

> if BigCompany does not respond to fetches not containing an Origin, then
> again EvilCompany can guess an origin that permits access, resulting in
> a fetch;

EvilCompany can't make direct requests to sites inside BigCompany's 
firewall.

> EvilCompany does not need to use a UA, but can construct their own HTTP
> client to accomplish this;

No, see above.

-Boris
Received on Friday, 1 July 2011 00:15:22 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 17:20:42 GMT