Re: CORS for local resources

On Wed, Feb 12, 2014 at 2:42 PM, Mountie Lee <mountie@paygate.net> wrote:
> On Wed, Feb 12, 2014 at 11:33 PM, Anne van Kesteren <annevk@annevk.nl>
> wrote:
>> Surely that can be fixed by providing explicit structured clone
>> support for this object.
>
> under the same domain, structured clone is ok.
> but under the cross-origin conditions, I'm not sure.

It should work. There is no reason for Key objects to be origin-bound
and as far as I can tell they are not. The security around messaging
structured clones is based on the object-capability model and not
origins.


-- 
http://annevankesteren.nl/

Received on Wednesday, 12 February 2014 14:51:46 UTC