Re: adding Access-Control-Allow-Local to CORS from Odin Hørthe Omdal on 2014-03-08 (public-webappsec@w3.org from March 2014)

From: Odin Hørthe Omdal <odinho@opera.com>
Date: Sat, 08 Mar 2014 01:14:09 +0100
To: public-webappsec@w3.org
Message-Id: <1394237649.18049.91952301.014E9050@webmail.messagingengine.com>

On Wed, Mar 5, 2014, at 1:38, Mountie Lee wrote:
> let me propose "Access-Control-Allow-Local" to CORS.
> 
> current CORS spec is defined for remote resources.
> 
> but some local resources like localStorage, IndexedDB are bound to
> specific
> origin
> even by considering Web Messaging technology or cloning of objects,
> still I think we need additional control for local resources.
> 
> my suggestion is
> 
> Access-Control-Allow-Local: "Access-Control-Allow-Local" ":" (Resource
> Name)
> 
> any comment?

What parts are you not able to share using postMessage, you say? I'm not
sure I follow why you'd need this?

http://www.whatwg.org/specs/web-apps/current-work/multipage/web-messaging.html
-- 
  Odin Hørthe Omdal
  odinho@opera.com

Received on Saturday, 8 March 2014 00:14:40 UTC