Re: Why the restriction on unauthenticated GET in CORS?

On Thu, Jul 19, 2012 at 2:43 PM, Henry Story <henry.story@bblfish.net> wrote:
> If a mechanism can be found to apply restrictions for private IP ranges then that
> should be used in preference to forcing the rest of the web to implement CORS
> restrictions on public data. And indeed the firewall servers use private ip ranges,
> which do in fact make a good distinguisher for public and non public space.

It's not just private servers (there's no guarantee those only use
private IP ranges either). It's also IP-based authentication to
private resources as e.g. W3C has used for some time.


-- 
http://annevankesteren.nl/

Received on Thursday, 19 July 2012 13:54:47 UTC