- From: Ian Hickson <ian@hixie.ch>
- Date: Mon, 17 Nov 2008 02:33:45 +0000 (UTC)
On Mon, 17 Nov 2008, Silvia Pfeiffer wrote: > > Maybe it is possible to combine the two approaches 2) and 3) as > proposed by Robert O'Callahan. > The Access-Control-Allow-Origin: "*" header would then allow access > to more information than is available through the restricted API. > (This was an approach suggested on #theora). My intent is that when we have an API to restrict, we use Access-Control to restrict it (providing opt-in to the full API, implicitly a limited API, and a Referer-based, Origin-based, and/or A-C based opt-out of any access whatsoever). -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Sunday, 16 November 2008 18:33:45 UTC