Re: CORS from Jack (Zhan, Hua Ping) on 2017-10-11 (public-webapps@w3.org from October to December 2017)

From: Jack (Zhan, Hua Ping) <jackiszhp@gmail.com>
Date: Thu, 12 Oct 2017 06:00:45 +0800
To: Florian Bösch <pyalot@gmail.com>, "public-webapps@w3.org" <public-webapps@w3.org>
Message-ID: <CAKRyGxuO96BaB5JqrBpHLKv_fSjATsJ2h0=ZLtO5LB0pHz1Pig@mail.gmail.com>

>> I have already responded this to Tab Atkins as follows:
> You have not. And I ask again. How do you instruct a browser which resource
> is ok to request from another origin?
When I said "as follows:", the answer text followed. And I elaborated
a bit more than asked, and at the end I challenge you to defeat me.
Please read that or here:
http://lists.w3.org/Archives/Public/public-webapps/2017OctDec/0024.html
There is no point for me to copy it here again.

But in one sentence: I do not need the browser to do the authorization
check for me, I do the authorization check myself at server
https://bankA.com/.

with best regards
Jack (Zhan, Hua Ping詹华平)
+86-153-9230-9232
QQ: 94544458  欢迎加我，欢迎访问QQ空间
twitter: https://twitter.com/jackzhp/with_replies

Received on Wednesday, 11 October 2017 22:01:09 UTC