- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 7 May 2015 06:35:32 +0200
- To: Tanvi Vyas <tanvi@mozilla.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, May 6, 2015 at 8:17 PM, Tanvi Vyas <tanvi@mozilla.com> wrote: > Thoughts? Please stop poking holes in SOP. If we think SOP is no longer appropriate we should do something about that, but we should not poke holes in it for each new thing that comes along. For now advocating proper use of CORS seems like better use of our time. The specification should probably point out that for resources behind a firewall, CORS should only be used with an origin (not *) and only for origins that are behind the same firewall. -- https://annevankesteren.nl/
Received on Thursday, 7 May 2015 04:35:56 UTC