- From: Jonas Sicking <jonas@sicking.cc>
- Date: Fri, 30 May 2008 13:21:36 -0700
- To: Anne van Kesteren <annevk@opera.com>
- CC: "WAF WG (public)" <public-appformats@w3.org>, Maciej Stachowiak <mjs@apple.com>
Anne van Kesteren wrote: > On Fri, 30 May 2008 20:08:24 +0200, Jonas Sicking <jonas@sicking.cc> wrote: >> However IMHO it makes more sense as an extra level of security. To >> deal with servers supporting actions that the server administrator is >> unaware of or wasn't thinking of when enabling Access-Control. > > Ok. It's not really clear to me whether this extra level is needed or > desired, as it further complicates the original proposal. With all the > other proposals you're making it overall becomes much more complex and > harder for authors to grasp what they have to do to get it right. > > I'd be interested in hearing feedback from Maciej / Apple / WebKit on > this proposal. I'd be equally interested to hear Operas opinion. A while back you said that you were going to consult with your security guys, but I'm not sure that I saw a followup to that. Is Opera ok with that enabling Access-Control always enables the full set of possible combinations of methods and headers? / Jonas
Received on Friday, 30 May 2008 20:24:31 UTC