- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 17 Jun 2009 22:42:13 +0000 (UTC)
- To: Tyler Close <tyler.close@gmail.com>
- Cc: Anne van Kesteren <annevk@opera.com>, Mark Nottingham <mnot@mnot.net>, public-webapps@w3.org
On Wed, 17 Jun 2009, Tyler Close wrote: > > For those at work, watching the show, here's the beast we're looking > for: > > 1. A firewalled intranet, where servers behind the firewall have > routable IP addresses (ie: not 10.*, or 192.168.*) > 2. *and* where servers on the Internet are *not* accessed via an HTTP proxy > 3. *and* there is a resource on a server behind the firewall that > depends solely on connectivity for authentication (if you can get > packets to me you're allowed to use me) > 4. *and* where this resource does *not* treat GET and POST as equivalent methods > 5. *and* where this resource checks that the Content-Type header on a > POST request is either "application/x-www-form-urlencoded" or > "text/plain" > > If you find a resource that meets the above criteria, then you've got a > resource that may be secure under CORS, but not under my alternate > proposal. Do we have any winners? I believe we have such services at Google, though for obvious reasons I wouldn't want to elaborate on that. Is this the propoal to which you refer?: http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/1011.html -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 17 June 2009 22:52:10 UTC