adding Access-Control-Allow-Local to CORS from Mountie Lee on 2014-03-05 (public-webappsec@w3.org from March 2014)

From: Mountie Lee <mountie@paygate.net>
Date: Wed, 5 Mar 2014 09:38:10 +0900
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAE-+aYKWPCFAya8BfwgnGXq6JQF2eWThB6Jn6coJqG93ehKVhQ@mail.gmail.com>

Hi.
let me propose "Access-Control-Allow-Local" to CORS.

current CORS spec is defined for remote resources.

but some local resources like localStorage, IndexedDB are bound to specific
origin
even by considering Web Messaging technology or cloning of objects,
still I think we need additional control for local resources.

my suggestion is

Access-Control-Allow-Local: "Access-Control-Allow-Local" ":" (Resource Name)

any comment?

-- 
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World

Received on Wednesday, 5 March 2014 00:38:57 UTC