Re: HTTPbis and the Same Origin Policy from Adam Barth on 2009-12-03 (public-web-security@w3.org from December 2009)

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 2 Dec 2009 22:01:47 -0800
To: Tyler Close <tyler.close@gmail.com>
Cc: Martin J. Dürst <duerst@it.aoyama.ac.jp>, Julian Reschke <julian.reschke@gmx.de>, public-web-security@w3.org
Message-ID: <7789133a0912022201j49c86e71g635ee3e9c0dcffd7@mail.gmail.com>

On Wed, Dec 2, 2009 at 11:36 AM, Tyler Close <tyler.close@gmail.com> wrote:
> This same reasoning applies to the "stylebot" example in Adam Barth's
> message. The "stylebot" can be implemented without violating SOP
> restrictions.

Can you explain this in more detail?  The stylebot reads a "program"
from one origin and gives that program read/write access to another
origin.  Sounds like a violation of the SOP to me.  Of course, for my
application, it's perfectly fine because these "programs" are written
by members of the WebKit community and both servers belong to the
WebKit community.

Adam

Received on Thursday, 3 December 2009 06:02:48 UTC