Re: Chromium's support for CORS and UMP

Boris Zbarsky wrote:
> On 5/11/10 1:10 AM, Nathan wrote:
[!snip]

Boris, all,

I honestly don't have the solutions (as you can easily see) - what I can 
see is that with CORS as it stands, and with same origin rules, then the 
web is about as safe as it can get from xss, which is crucial. This 
won't change, and after 5 years of WIP and wide deployment it most 
likely can't change.

I can also see a situation ahead [1] where the both safety and openness 
need to be addressed at the same time - but that's probably years off 
for the general web population & may well require accountability / web 
of trust etc.

Thus, dropped for now - I have to adopt anyway so may as well do it asap 
and encourage others the same (esp once it hits recommendation).

One request though, does anybody have a chart or note of UA support for 
CORS? (even partial definitely doesn't work in x,y,z)

[1] http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0553.html

Best,

Nathan

Received on Tuesday, 11 May 2010 14:05:09 UTC