- From: Nathan <nathan@webr3.org>
- Date: Thu, 13 May 2010 03:07:30 +0100
- To: Ian Hickson <ian@hixie.ch>
- CC: Tyler Close <tyler.close@gmail.com>, Dirk Pranke <dpranke@chromium.org>, public-webapps <public-webapps@w3.org>

Ian Hickson wrote:
> On Wed, 12 May 2010, Tyler Close wrote:
>> We've gone through several scenarios on this list where this validation
>> is not feasible. On the chromium list, I recently explained how it is
>> not possible to implement a generic AtomPub client that does this
>> validation:
>>
>> http://groups.google.com/a/chromium.org/group/chromium-dev/msg/afda9a4d1d1a4fcb
>
> I don't think using AtomPub is necessarily a good idea. AtomPub was not
> designed for use with CORS. If you're going to use technologies
> inappropriately then sure, you'll have security problems.

but you can't use any RESTful with CORS because it strips Location, Content-Location etc

Perfectly secure to have /admin/ accessing /data/ or HTTP through to HTTPS for POST etc

I agree CORS is needed, but imho the UMP headers [1] really needed added (if not just the Uniform-Headers

[1] http://dev.w3.org/2006/waf/UMP/#response-header-filtering

Best,

Nathan

Received on Thursday, 13 May 2010 02:09:00 UTC