On Sun, Jan 23, 2011 at 5:50 PM, Charles McCathieNevile <chaals@opera.com> wrote: > Not in my experience. People put them somewhere on facebook.com or skype.com > or something, which makes them accessible through a very small number of > single webpages. And often without loggin in, those are not actually > available to anyone. > > So as a user, it seems functionally the same except the particular hoops for > putting things online which are different in every single case. But that's the point: when you put pictures (or tax forms, or other private files) on a webserver, you have mechanisms for access control. You wouldn't put private files on a publically-accessible webserver; you put them on a password-protected one. If cross-origin access is allowed for filesystem URLs, that's akin to putting them on a webserver with no access control. Maybe access control mechanisms should exist for it (personally I think that only makes sense for createObjectURL, not filesystem URIs); but as long as they don't, filesystem URLs should be private to the origin. -- Glenn MaynardReceived on Sunday, 23 January 2011 23:13:49 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:16 UTC