Re: [widgets] WARP default policy from Mark S. Miller on 2010-05-04 (public-webapps@w3.org from April to June 2010)

From: Mark S. Miller <erights@google.com>
Date: Tue, 4 May 2010 14:56:46 -0700
To: Jonas Sicking <jonas@sicking.cc>
Cc: Scott Wilson <scott.bradley.wilson@gmail.com>, public-webapps WG <public-webapps@w3.org>
Message-ID: <AANLkTilEJ5XugjLX0Ic1uEigbCQfG2yL8ATfQ73qaXOE@mail.gmail.com>

On Tue, May 4, 2010 at 2:45 PM, Jonas Sicking <jonas@sicking.cc> wrote:

> > If these were limited to Uniform Messages, how much of a need would there
> > still be to disallow them? What would the remaining threats be?
>
> Would it allow reading resources behind corporate firewalls using a
> browser running on a computer behind said firewall?
>
>
Only if the resource responds with an "Access-Control-Allow-Origin: *"
header.



-- 
    Cheers,
    --MarkM

Received on Tuesday, 4 May 2010 21:57:17 UTC