- From: Henri Sivonen <hsivonen@iki.fi>
- Date: Wed, 20 Apr 2011 12:47:09 +0300
- To: Leonard Rosenthol <lrosenth@adobe.com>
- Cc: Danny Ayers <danny.ayers@gmail.com>, Silvia Pfeiffer <silviapfeiffer1@gmail.com>, "public-html@w3.org" <public-html@w3.org>

On Thu, 2011-04-14 at 07:17 -0700, Leonard Rosenthol wrote:
> Henri wrote:
> > In order to maintain the confidentiality properties that browsers now
> > provide, we can't allow metadata to be read cross-origin without *some*
> > participation of the server that serves the image.
>
> If I can read the image, I should be able to read the metadata. Why would you need to restrict the metadata access if you don't restrict the image itself?!?

Usually in cross-origin situations, you *can't* read the image (its pixel data).

When you *are* allowed to read the pixel data, there's no security reason not to let you read the metadata, too. Then it becomes a matter of resource allocation in platform development: Is the use case compelling enough relative to other potential features that limited person-time available should be allocated to it instead of the other potential features?

In the same-origin scenario, Web developers also have the option of running a metadata extractor on the server side and arranging the transfer of metadata between the server-side program and the browser-side program that are both under their control.

The different-origin scenarios where pixel data reading is allowed and where security-wise metadata reading could be allowed are so narrow that to me personally they don't look like a compelling thing to allocate limited developer time to.

--
Henri Sivonen
hsivonen@iki.fi
http://hsivonen.iki.fi/

Received on Wednesday, 20 April 2011 09:47:44 UTC