Re: UMP / CORS: Implementor Interest

Ian Hickson wrote:
> On Wed, 12 May 2010, Tyler Close wrote:
>> We've gone through several scenarios on this list where this validation 
>> is not feasible. On the chromium list, I recently explained how it is 
>> not possible to implement a generic AtomPub client that does this 
>> validation:
>>
>> http://groups.google.com/a/chromium.org/group/chromium-dev/msg/afda9a4d1d1a4fcb
> 
> I don't think using AtomPub is necessarily a good idea. AtomPub was not 
> designed for use with CORS. If you're going to use technologies 
> inappropriately then sure, you'll have security problems.

but you can't use any RESTful with CORS because it strips Location, 
Content-Location etc

Perfectly secure to have /admin/ accessing /data/ or HTTP through to 
HTTPS for POST etc

I agree CORS is needed, but the imho the UMP headers [1] really needed 
added (if not just the Uniform-Headers

[1] http://dev.w3.org/2006/waf/UMP/#response-header-filtering

Best,

Nathan

Received on Thursday, 13 May 2010 02:09:00 UTC