W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2017

Re: CORS

From: Florian Bösch <pyalot@gmail.com>
Date: Tue, 10 Oct 2017 22:55:30 +0200
Message-ID: <CAOK8ODjkxdNSpnxaQevwkbfrZyJ3AOLQS+UdTXOoRBFhe1VJgQ@mail.gmail.com>
To: "Jack (Zhan, Hua Ping)" <jackiszhp@gmail.com>
Cc: Jake Archibald <jakearchibald@google.com>, "public-webapps@w3.org" <public-webapps@w3.org>
On Tue, Oct 10, 2017 at 10:25 PM, Jack (Zhan, Hua Ping) <jackiszhp@gmail.com
> wrote:

> Please comment on "JMBW way of specifying the same origin", why those
> smart people do not implement it this way, why it is not good? Enlight
> me.
>

You mean why is your original self-grant description bad (because it's
self-grant) or why is a sitewide crossdomain.xml not good (because it's
sitewide). To satisfy all use-cases CORS is fine-grained. If you want
something as easy as crossdomain.xml, just add this to your apache config:

Header set Access-Control-Allow-Origin "*"
Received on Tuesday, 10 October 2017 20:55:54 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 9 November 2017 09:59:04 UTC