Re: [widgets] WARP default policy

On Tue, May 4, 2010 at 2:45 PM, Jonas Sicking <jonas@sicking.cc> wrote:

> > If these were limited to Uniform Messages, how much of a need would there
> > still be to disallow them? What would the remaining threats be?
>
> Would it allow reading resources behind corporate firewalls using a
> browser running on a computer behind said firewall?
>
>
Only if the resource responds with an "Access-Control-Allow-Origin: *"
header.



-- 
    Cheers,
    --MarkM

Received on Tuesday, 4 May 2010 21:57:17 UTC