W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2014

Re: CORS for local resources

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 12 Feb 2014 10:51:31 +0000
Message-ID: <CADnb78i6M5JuXy-90M5mcafcSav7K+G29ew9p2-=DFzRrhOG8Q@mail.gmail.com>
To: Mountie Lee <mountie@paygate.net>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Feb 12, 2014 at 12:05 AM, Mountie Lee <mountie@paygate.net> wrote:
> I have some questions.
> do we(these WebAppSec members) have discussed CORS for local resources?
> Web Storage (IDB, LocalStorage...) or other origin specific resources are
> bound to same origin.

The storage areas are. The objects they store can be shared.

> I already reviewed postMessage or other cross-origin mechanisms. but those
> are not the best.

postMessage() is how you share JavaScript objects across origins. What
is the problem?

Received on Wednesday, 12 February 2014 10:51:59 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:04 UTC