Re: Why the restriction on unauthenticated GET in CORS?

On Thu, Jul 19, 2012 at 4:10 PM, Cameron Jones <cmhjones@gmail.com> wrote:
> Isn't this mitigated by the Origin header?

No.


> Also, what about the point that this is unethically pushing the costs
> of securing private resources onto public access providers?

It is far more unethical to expose a user's private data.


-- 
http://annevankesteren.nl/

Received on Thursday, 19 July 2012 14:19:32 UTC