- From: Nathan <nathan@webr3.org>
- Date: Tue, 11 May 2010 01:57:59 +0100
- To: Bjoern Hoehrmann <derhoermi@gmx.net>
- CC: public-webapps <public-webapps@w3.org>
Bjoern Hoehrmann wrote: > * Nathan wrote: >> Personally, I don't follow why JS running in a user agent should have >> completely different access rules to the rest of the web, primarily >> because a few site admin's feel it's a good idea to expose sensitive >> data via IP-based auth on intranets / on the web via stateful sessions >> on a stateless protocol. > > If you do not depend on a user's special standing with a third party > site, you can configure your server as proxy between your user and the > third party site. That's more difficult for you, but easier for users > and maintainers of third party sites. If we'd do away with the access > restriction, it'd be easier for you, and more difficult for users and > third parties. What we have now is largely due to following the path > of least resistance (which is probably true for most web technology). Thanks Bjoern, Is it possible to set up a server as a proxy, where a client side ssl certificate is also proxied through, should the server at the address being proxied request one? Best, Nathan
Received on Tuesday, 11 May 2010 00:59:16 UTC