Re: [XHR2] Upload progress events and simple cross-origin requests

On Thu, Mar 19, 2009 at 3:18 PM, Anne van Kesteren <annevk@opera.com> wrote:
> On Thu, 19 Mar 2009 19:00:36 +0100, Jonas Sicking <jonas@sicking.cc> wrote:
>>
>> While I agree that there are other ways of doing this, I think I'd
>> have a really hard time selling a feature that explicitly allows port
>> scanning to our security team. Especially when there is an easy
>> remedy.
>
> Since there are other ways of doing this, who are we helping exactly by
> making things more complicated for developers, implementors, and the
> specification author? Certainly not the user, because he is "vulnerable"
> either way.

I don't know how easy it is with current technologies to do this
reliably. Or how big the chances are that we can fix those technologies in
the future to not work at all, or at least be less reliable.

If you have that information I can try to bring a case for security review here.

There's also the argument that we can always relax this requirement in
the future as it would be a compatible change.

/ Jonas

Received on Thursday, 19 March 2009 22:53:33 UTC