W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2008

[whatwg] Same-origin checking for media elements

From: Ian Hickson <ian@hixie.ch>
Date: Mon, 17 Nov 2008 02:33:45 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0811170232360.1041@hixie.dreamhostps.com>
On Mon, 17 Nov 2008, Silvia Pfeiffer wrote:
>
> Maybe it is possible to combine the two approaches 2) and 3) as
> proposed by Robert O'Callahan.
> The Access-Control-Allow-Origin: "*"  header would then allow access
> to more information than is available through the restricted API.
> (This was an approach suggested on #theora).

My intent is that when we have an API to restrict, we use Access-Control 
to restrict it (providing opt-in to the full API, implicitly a limited 
API, and a Referer-based, Origin-based, and/or A-C based opt-out of any 
access whatsoever).

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Sunday, 16 November 2008 18:33:45 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:07 UTC