W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2017

Re: CORS

From: Jack (Zhan, Hua Ping) <jackiszhp@gmail.com>
Date: Wed, 11 Oct 2017 04:25:47 +0800
Message-ID: <CAKRyGxs7bhmTMDQw5PtwBXzyWG__6RH_UDLUbyDqB1VpSYz+kg@mail.gmail.com>
To: Jake Archibald <jakearchibald@google.com>, "public-webapps@w3.org" <public-webapps@w3.org>
On Wed, Oct 11, 2017 at 12:57 AM, Jake Archibald
<jakearchibald@google.com> wrote:
> I can't find any reference to this "Adobe" behaviour.
>
> Flash relied on crossdomain.xml, but that had to be on the origin containing
> the requested resource, so 2nd.com in this case.
>
> Adobe's solution is pretty similar to CORS but sets an origin-wide policy,
> whereas CORS can be per resource.

After read your comment, I checked what you said. And what you said is
true according to the material I can find at present day, though they
are all after 2008 (version 0.2 Cross Domain Policy File
Specification). When I got the impression in 2003/2004, I did not know
there is any published specification on relaxing the same origin
policy.  At that time, it seemed to be its proprietary use. Either
Adobe has changed their design after W3C published its stupid design
in 2005 or I misunderstood Adobe's way which is possible though I do
not think it is probable.

I mentioned "Adobe" because I think I should give credit to what I saw
long time ago. I do not mind we refer what I proposed with any other
term such as "JMBW(Jack Might Be Wrong) way of specifying the same
origin".

Please comment on "JMBW way of specifying the same origin", why those
smart people do not implement it this way, why it is not good? Enlight
me.


with best regards
Jack (Zhan, Hua Ping詹华平)
+85-153-9230-9232
twitter: https://twitter.com/jackzhp/with_replies
Received on Tuesday, 10 October 2017 20:26:10 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 9 November 2017 09:59:04 UTC