Re: CORS for local resources

On Wed, Feb 12, 2014 at 2:42 PM, Mountie Lee <> wrote:
> On Wed, Feb 12, 2014 at 11:33 PM, Anne van Kesteren <>
> wrote:
>> Surely that can be fixed by providing explicit structured clone
>> support for this object.
> under the same domain, structured clone is ok.
> but under the cross-origin conditions, I'm not sure.

It should work. There is no reason for Key objects to be origin-bound
and as far as I can tell they are not. The security around messaging
structured clones is based on the object-capability model and not


Received on Wednesday, 12 February 2014 14:51:46 UTC