- From: Maciej Stachowiak <mjs@apple.com>
- Date: Thu, 05 Nov 2009 22:05:53 -0800
- To: Devdatta <dev.akhawe@gmail.com>
- Cc: public-webapps <public-webapps@w3.org>
On Nov 5, 2009, at 6:04 PM, Devdatta wrote: > Hi Maciej, > >> >> Read <from> >> If the <from> resource is owned by the domain specified by Origin, >> return >> the data. >> > ..... >> CrossDomainCopy <from-domain> <from-resource> <read-token> <to- >> domain> >> <to-resource> <write-token> > > I don't understand the aim of the whole protocol you have outlined > above. I'm sorry, I outlined it in a pretty sketchy way because I was writing in a hurry and had other things to get to. > > Are you saying CORS should be rewritten to directly support such a > design ? No - there are no changes to CORS needed to support it. > > or Is this a design pattern you are recommending (for use with CORS) ? This is a possible design when building applications that do cross- site networking, and in particular ones that may involve delegated requests or requests combining information from multiple sites. > If the latter, do you honestly expect web developers to read and > understand all that ? The complexity in my proposed protocol is not related to CORS - you'd face the same complexity or greater doing a purely token-based protocol over something like GuestXHR. And you can use a much simpler approach with CORS if you are only doing simpler two-party interactions. > Or have I missed the point completely ? I wouldn't put it that way. I wrote something without a simple explanation assuming readers would have context and I guess it confused you, which is my fault. Sorry! - Maciej
Received on Friday, 6 November 2009 06:06:39 UTC