W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

Re: [FileSystem]: URI format, uses

From: Glenn Maynard <glenn@zewt.org>
Date: Sun, 23 Jan 2011 18:13:16 -0500
Message-ID: <AANLkTi=-ZPbW3DZ6WMpvZSW3vTP0EsHE57DfPrcZ1wQJ@mail.gmail.com>
To: Charles McCathieNevile <chaals@opera.com>
Cc: Robin Berjon <robin@berjon.com>, Web Applications Working Group WG <public-webapps@w3.org>
On Sun, Jan 23, 2011 at 5:50 PM, Charles McCathieNevile <chaals@opera.com>
> Not in my experience. People put them somewhere on facebook.com or
> or something, which makes them accessible through a very small number of
> single webpages. And often without loggin in, those are not actually
> available to anyone.
> So as a user, it seems functionally the same except the particular hoops
> putting things online which are different in every single case.

But that's the point: when you put pictures (or tax forms, or other private
files) on a webserver, you have mechanisms for access control.  You wouldn't
put private files on a publically-accessible webserver; you put them on a
password-protected one.

If cross-origin access is allowed for filesystem URLs, that's akin to
putting them on a webserver with no access control.  Maybe access control
mechanisms should exist for it (personally I think that only makes sense for
createObjectURL, not filesystem URIs); but as long as they don't, filesystem
URLs should be private to the origin.

Glenn Maynard
Received on Sunday, 23 January 2011 23:13:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:16 UTC