https://github.com/w3c/webappsec/commit/aac819b28287e8fd3a9ebad2666336e2bc77a24b -mike -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) On Mon, Nov 3, 2014 at 12:38 PM, Mike West <mkwst@google.com> wrote: > On Fri, Oct 31, 2014 at 8:55 AM, Anne van Kesteren <annevk@annevk.nl> > wrote: > >> > CORS isn't particularly relevant to either CSP or MIX, is it? Both >> intend to >> > block requests before they hit the network; CORS should never have a >> chance >> > to take effect. >> >> open() threw in some implementations for cross-origin URLs making it >> harder to introduce CORS. Having open() throw for the URL argument for >> anything other than parsing reasons is just bad news. >> > > Ok, this makes sense. Given the theoretical future world in which mixed > content blocks some amazing feature (perhaps the IoT discussion in that > other thread, for instance), we should drop the exception. Thanks for > arguing with me. :) > > -mike > > -- > Mike West <mkwst@google.com> > Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 > > Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany > Registergericht und -nummer: Hamburg, HRB 86891 > Sitz der Gesellschaft: Hamburg > Geschäftsführer: Graham Law, Christine Elizabeth Flores > (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) >Received on Monday, 3 November 2014 12:52:13 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC