- From: Marcos Caceres <marcosc@opera.com>
- Date: Tue, 10 Nov 2009 22:02:06 +0100
- To: "SULLIVAN, BRYAN L (ATTCINW)" <BS3131@att.com>
- CC: WebApps WG <public-webapps@w3.org>
SULLIVAN, BRYAN L (ATTCINW) wrote: > Placing broad restrictions on widget-context webapp access to network resources (substantially different from browser-context webapps) is not an effective approach to creating a useful widget-context webapp platform. That would create a significant barrier to market acceptance of the W3C widget standards. Opera does not agree. We've had a similar model in place for a long time in our proprietary implementation and we have not faced any issues in the marketplace. The WARP spec solves many problems that arise from not actually having a network established origin, and may even avoid the confused deputy problem CORS is currently facing (which locally running widgets won't be able to use anyway). I think that technically we are in agreement; but we are just in disagreement about the level of granularity that the WARP spec affords to authors. For the record, I like the way WARP is currently specified: it's easy to use, and essentially works in much the same way as the same origin policy does for Web documents... but with the added bonus of being able to do cross origin - but with the restriction of not being unrestricted, like it's the case for web documents.
Received on Tuesday, 10 November 2009 21:02:44 UTC