Re: [MIX] Modifications to script APIs

https://github.com/w3c/webappsec/commit/aac819b28287e8fd3a9ebad2666336e2bc77a24b

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Mon, Nov 3, 2014 at 12:38 PM, Mike West <mkwst@google.com> wrote:

> On Fri, Oct 31, 2014 at 8:55 AM, Anne van Kesteren <annevk@annevk.nl>
> wrote:
>
>> > CORS isn't particularly relevant to either CSP or MIX, is it? Both
>> intend to
>> > block requests before they hit the network; CORS should never have a
>> chance
>> > to take effect.
>>
>> open() threw in some implementations for cross-origin URLs making it
>> harder to introduce CORS. Having open() throw for the URL argument for
>> anything other than parsing reasons is just bad news.
>>
>
> Ok, this makes sense. Given the theoretical future world in which mixed
> content blocks some amazing feature (perhaps the IoT discussion in that
> other thread, for instance), we should drop the exception. Thanks for
> arguing with me. :)
>
> -mike
>
> --
> Mike West <mkwst@google.com>
> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
>
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
> Registergericht und -nummer: Hamburg, HRB 86891
> Sitz der Gesellschaft: Hamburg
> Geschäftsführer: Graham Law, Christine Elizabeth Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
>

Received on Monday, 3 November 2014 12:52:13 UTC