Re: [MIX] Modifications to script APIs

From: Mike West <mkwst@google.com>
Date: Mon, 3 Nov 2014 13:51:24 +0100
Message-ID: <CAKXHy=cvHR7k-uCWz0qA5WHAFTN8G8wjZJtDKqnzB8BqLpQkgQ@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: WebAppSec WG <public-webappsec@w3.org>
https://github.com/w3c/webappsec/commit/aac819b28287e8fd3a9ebad2666336e2bc77a24b

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Mon, Nov 3, 2014 at 12:38 PM, Mike West <mkwst@google.com> wrote:

> On Fri, Oct 31, 2014 at 8:55 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
>
>> > CORS isn't particularly relevant to either CSP or MIX, is it? Both intend to
>> > block requests before they hit the network; CORS should never have a chance
>> > to take effect.
>>
>> open() threw in some implementations for cross-origin URLs making it
>> harder to introduce CORS. Having open() throw for the URL argument for
>> anything other than parsing reasons is just bad news.
>>
>
> Ok, this makes sense. Given the theoretical future world in which mixed
> content blocks some amazing feature (perhaps the IoT discussion in that
> other thread, for instance), we should drop the exception. Thanks for
> arguing with me. :)
>
> -mike
>
Received on Monday, 3 November 2014 12:52:13 UTC