W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2014

adding Access-Control-Allow-Local to CORS

From: Mountie Lee <mountie@paygate.net>
Date: Wed, 5 Mar 2014 09:38:10 +0900
Message-ID: <CAE-+aYKWPCFAya8BfwgnGXq6JQF2eWThB6Jn6coJqG93ehKVhQ@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hi.
let me propose "Access-Control-Allow-Local" to CORS.

current CORS spec is defined for remote resources.

but some local resources like localStorage, IndexedDB are bound to specific
origin
even by considering Web Messaging technology or cloning of objects,
still I think we need additional control for local resources.

my suggestion is

Access-Control-Allow-Local: "Access-Control-Allow-Local" ":" (Resource Name)

any comment?

-- 
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World
Received on Wednesday, 5 March 2014 00:38:57 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:04 UTC