W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2014

Re: CORS and null

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 3 Jun 2014 11:01:38 +0200
Message-ID: <CADnb78gwd6cC5VT4avDxAdsO433nmO-i3KXYJu-mwEjgJF2=Xw@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: WebAppSec WG <public-webappsec@w3.org>, Jonas Sicking <jonas@sicking.cc>, Adam Barth <w3c@adambarth.com>, Maciej Stachowiak <mjs@apple.com>, Travis Leithead <Travis.Leithead@microsoft.com>
On Tue, Jun 3, 2014 at 10:54 AM, Mike West <mkwst@google.com> wrote:
> It has the impact that sandboxed frames can't make XHR requests to CORS
> enabled resources, which is potentially problematic in the cases where you'd
> like to sandbox off a portion of your application that processes data.

Only to CORS-enabled credentialed resources. CORS in general would
remain working.

Received on Tuesday, 3 June 2014 09:02:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:38 UTC