Re: [widgets] WARP and redirects

On 6/20/11 12:57 PM, Robin Berjon wrote:
> On Jun 20, 2011, at 12:23 , Marcos Caceres wrote:
>> On Mon, Jun 20, 2011 at 11:41 AM, Robin
>> Berjon<>  wrote:
> You have origin restrictions in place. If you XHR to
> and it redirects to something protected inside
> your network, unless you've used CORS to open up the latter (in which
> case you're begging to get hurt) then you won't get anything.

The use case I was thinking about more centered around images, scripts, 
and iframes, which are not really subject to CORS (though I can see how 
they could be). Anyway, we already have origin="*", so probably doesn't 
matter too much at this point.

Received on Wednesday, 22 June 2011 08:32:40 UTC