W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > November 2010

[Bug 11203] Canvas security model does not allow for same-origin relaxation

From: <bugzilla@jessica.w3.org>
Date: Wed, 03 Nov 2010 02:34:35 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1PDTBL-0005vb-Qu@jessica.w3.org>

--- Comment #5 from Matt Schemmel <matt.schemmel@gmail.com> 2010-11-03 02:34:35 UTC ---
I'm not sure that I agree with that.

In the general case of cross-domain sharing, absolutely - that's the problem
statement CORS is intended to address.

Given the constrained flexibility offered through the same-origin restriction
relaxation, though, offering the ability to share resources across different
subdomains within the same domain feels like the right "80%" solution.

Put differently: why would it make sense to offer relaxed restrictions for
scripts while denying it for the improved interface to static resources that
HTML5's canvas offers?

Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Wednesday, 3 November 2010 02:34:37 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:33 UTC