- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 25 Nov 2013 11:32:10 +0000
- To: Ian Hickson <ian@hixie.ch>
- Cc: Daniel Veditz <dveditz@mozilla.com>, Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Nov 21, 2013 at 5:11 PM, Ian Hickson <ian@hixie.ch> wrote: > Why? You can easily define a blob:'s origin as being the origin registered > for that blob: URL. It's just a lookup. You could even encode the origin > directly into the URL (either opaquely or not), so that it wouldn't need > to be expensive to look up. That's an interesting model, but doesn't match the one written down: https://tools.ietf.org/html/rfc6454#section-4 In addition, I'm not sure we want blob URLs to have an associated origin. I think they should always be same-origin if you are holding one. -- http://annevankesteren.nl/
Received on Monday, 25 November 2013 11:32:42 UTC