- From: Wendy Seltzer <wseltzer@w3.org>
- Date: Thu, 07 May 2015 06:14:37 -0400
- To: Anne van Kesteren <annevk@annevk.nl>
- CC: Frederik Braun <fbraun@mozilla.com>, WebAppSec WG <public-webappsec@w3.org>
On 05/07/2015 06:11 AM, Anne van Kesteren wrote: > On Thu, May 7, 2015 at 12:05 PM, Wendy Seltzer <wseltzer@w3.org> wrote: >> Can't we do the fetch without authentication? > > You already do that, that's what crossorigin=anonymous does. Firewalls > are the problem, as I said so many times now... I recommend that > everyone that does not realize that CORS is required here takes a > crash course in web security. Here's a start: > > https://annevankesteren.nl/2015/02/same-origin-policy Sure firewalls are the problem. So say that those behind firewalls should fix their resource control in a way that doesn't require those in the open to add headers to make their resources truly open. --Wendy > > -- Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office) Policy Counsel and Domain Lead, World Wide Web Consortium (W3C) http://wendy.seltzer.org/ +1.617.863.0613 (mobile)
Received on Thursday, 7 May 2015 10:14:50 UTC