- From: Adam Barth <w3c@adambarth.com>
- Date: Tue, 28 Apr 2009 13:31:37 -0700
- To: Anne van Kesteren <annevk@opera.com>
- Cc: WebApps WG <public-webapps@w3.org>
Yeah, this requirement doesn't make very much sense: "User agents should guard against sites storing data in the storage areas or databases of subdomains, e.g. storing up to the limit in a1.example.com, a2.example.com, a3.example.com, etc, circumventing the main example.com storage limit." Someone who wants to use up a lot of storage can just register as many domain names as he/she likes for $5 a piece. I suggest removing the requirement. Adam On Tue, Apr 28, 2009 at 5:41 AM, Anne van Kesteren <annevk@opera.com> wrote: > The specification currently suggests to guard against subdomains. I was > wondering why subdomains are called out and not different ports or even > completely different domains now that postMessage() is available. > > Since this particular section keeps talking about domains I was wondering if > it has actually been updated to reflect the switch from a domain-based > policy to a origin-based policy for storage. It seems that some of the > recommendations need to be reworded. > > > -- > Anne van Kesteren > http://annevankesteren.nl/ > >
Received on Tuesday, 28 April 2009 20:32:32 UTC