W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2014

Re: adding Access-Control-Allow-Local to CORS

From: Odin Hørthe Omdal <odinho@opera.com>
Date: Sat, 08 Mar 2014 01:14:09 +0100
Message-Id: <1394237649.18049.91952301.014E9050@webmail.messagingengine.com>
To: public-webappsec@w3.org
On Wed, Mar 5, 2014, at 1:38, Mountie Lee wrote:
> let me propose "Access-Control-Allow-Local" to CORS.
> 
> current CORS spec is defined for remote resources.
> 
> but some local resources like localStorage, IndexedDB are bound to
> specific
> origin
> even by considering Web Messaging technology or cloning of objects,
> still I think we need additional control for local resources.
> 
> my suggestion is
> 
> Access-Control-Allow-Local: "Access-Control-Allow-Local" ":" (Resource
> Name)
> 
> any comment?

What parts are you not able to share using postMessage, you say? I'm not
sure I follow why you'd need this?

http://www.whatwg.org/specs/web-apps/current-work/multipage/web-messaging.html
-- 
  Odin Hørthe Omdal
  odinho@opera.com
Received on Saturday, 8 March 2014 00:14:40 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:04 UTC