On Sun, Jan 23, 2011 at 5:50 PM, Charles McCathieNevile <chaals@opera.com>
wrote:
> Not in my experience. People put them somewhere on facebook.com or
skype.com
> or something, which makes them accessible through a very small number of
> single webpages. And often without loggin in, those are not actually
> available to anyone.
>
> So as a user, it seems functionally the same except the particular hoops
for
> putting things online which are different in every single case.
But that's the point: when you put pictures (or tax forms, or other private
files) on a webserver, you have mechanisms for access control. You wouldn't
put private files on a publically-accessible webserver; you put them on a
password-protected one.
If cross-origin access is allowed for filesystem URLs, that's akin to
putting them on a webserver with no access control. Maybe access control
mechanisms should exist for it (personally I think that only makes sense for
createObjectURL, not filesystem URIs); but as long as they don't, filesystem
URLs should be private to the origin.
--
Glenn Maynard