[whatwg] Same-origin checking for media elements

On Mon, 17 Nov 2008, Silvia Pfeiffer wrote:
>
> Maybe it is possible to combine the two approaches 2) and 3) as
> proposed by Robert O'Callahan.
> The Access-Control-Allow-Origin: "*"  header would then allow access
> to more information than is available through the restricted API.
> (This was an approach suggested on #theora).

My intent is that when we have an API to restrict, we use Access-Control 
to restrict it (providing opt-in to the full API, implicitly a limited 
API, and a Referer-based, Origin-based, and/or A-C based opt-out of any 
access whatsoever).

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Sunday, 16 November 2008 18:33:45 UTC