- From: Domenic Denicola <notifications@github.com>
- Date: Thu, 14 Jan 2016 05:57:08 -0800
- To: w3ctag/spec-reviews <spec-reviews@noreply.github.com>
Received on Thursday, 14 January 2016 13:57:38 UTC
This might be naive, since I don't have too much depth into this problem space. But what about using origin instead of eTLD+1, and then letting websites use the existing cross-origin communication mechanisms (CORS, iframes-with-postMessage, server-side communication) to smuggle the credentials over to another origin? --- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/spec-reviews/issues/97#issuecomment-171650546
Received on Thursday, 14 January 2016 13:57:38 UTC