[Bug 11203] Canvas security model does not allow for same-origin relaxation from bugzilla@jessica.w3.org on 2010-11-03 (public-html-bugzilla@w3.org from November 2010)

From: <bugzilla@jessica.w3.org>
Date: Wed, 03 Nov 2010 02:34:35 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1PDTBL-0005vb-Qu@jessica.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=11203

--- Comment #5 from Matt Schemmel <matt.schemmel@gmail.com> 2010-11-03 02:34:35 UTC ---
I'm not sure that I agree with that.

In the general case of cross-domain sharing, absolutely - that's the problem
statement CORS is intended to address.

Given the constrained flexibility offered through the same-origin restriction
relaxation, though, offering the ability to share resources across different
subdomains within the same domain feels like the right "80%" solution.

Put differently: why would it make sense to offer relaxed restrictions for
scripts while denying it for the improved interface to static resources that
HTML5's canvas offers?

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Wednesday, 3 November 2010 02:34:37 UTC