- From: Daniel Betteridge <Daniel.Betteridge@arup.com>
- Date: Wed, 19 Aug 2020 10:53:32 +0000
- To: "public-webapps@w3.org" <public-webapps@w3.org>
- Message-ID: <B3A10CC1-714E-4C4F-94BF-1505A4A43EC6@arup.com>
Hello! I’ve done a bit of a search of the mailing list and aside from a somewhat antagonistic post (https://lists.w3.org/Archives/Public/public-webapps/2017OctDec/0044.html) I couldn’t find a thread on this topic, given the goal of client side web-apps to incorporate a lot of functions of ‘Native’ applications one of the big sticking points is the CORS restrictions that browser based applications face that their Native counterparts do not. I wrote a bit about the issue I was facing (https://danielbetteridge.com/a-lost-cors/) but essentially, If I want to write a PWA that uses any third party resources I need to either work only with servers configured with CORS (less then I’d like) or create a proxy to work around the issue. What are the barriers or issues with (for example) allowing GET requests to a different origin within specifically an installed PWA where the fetch request has credentials set to “same-origin”, this would allow a lot of the functionality that is currently blocked (RSS feeds, Podcasts etc). I did read Boris’s response in the link above, but unsure how this is congruent with non-browser usage of resources. If a webpage relies on CORS to secure its resources, are they not effectively open to anyone who uses something other than a browser to access the site such as CURL/Custom browser without CORS etc. Thankyou! Daniel ____________________________________________________________ Electronic mail messages entering and leaving Arup business systems are scanned for viruses and acceptability of content.
Received on Friday, 9 October 2020 08:24:16 UTC