W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2017

Re: CORS

From: Jake Archibald <jakearchibald@google.com>
Date: Tue, 10 Oct 2017 21:55:02 +0000
Message-ID: <CAPy=JooTWbLe+OxrAA_mwGT5H=ioW+Lb53f4o3eGU0jebZ1krQ@mail.gmail.com>
To: "Jack (Zhan, Hua Ping)" <jackiszhp@gmail.com>
Cc: "public-webapps@w3.org" <public-webapps@w3.org>
On Tue, 10 Oct 2017, 21:25 Jack (Zhan, Hua Ping), <jackiszhp@gmail.com>
wrote:

> Either
> Adobe has changed their design after W3C published its stupid design
> in 2005 or I misunderstood Adobe's way which is possible though I do
> not think it is probable.
>

I think it's probable you misunderstood. Maybe you made the same mistake as
this person? https://stackoverflow.com/a/2653708

Please comment on "JMBW way of specifying the same origin", why those
> smart people do not implement it this way, why it is not good? Enlight
> me.


Your proposal would expose users' personal data, such as emails, to any
attacker that wants them. Users, including myself, wouldn't be too happy
about this. Thankfully, smart people realised that.
Received on Tuesday, 10 October 2017 21:55:38 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 9 November 2017 09:59:04 UTC