W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2008

[whatwg] Same-origin checking for media elements

From: Sander van Zoest <sander@vanzoest.com>
Date: Fri, 21 Nov 2008 18:58:27 -0800
Message-ID: <98c2a8300811211858s1da1f83aq1f966276dfbb9482@mail.gmail.com>
On Fri, Nov 21, 2008 at 11:12 AM, Ralph Giles <giles at xiph.org> wrote:

> On Fri, Nov 21, 2008 at 9:15 AM, Sander van Zoest <sander at vanzoest.com>
> wrote:
>
> > For example: What are my limitations, if I put my video at
> http://ex.cdn/,
> > but load it from http://www.example.com/ ?
> > Is there a way for me to whitelist a particular list of hosts/domains?
>
> There is a way for you to whitelist particular hosts, but this must be
> implemented by the cdn servers, it's not something one can do from
> one's own domain. You might find Gregory Maxwell's original post to
> the theora list helpful; it describes the whole process.
>
>  http://lists.xiph.org/pipermail/theora/2008-November/001930.html


Thanks. yes, based on that post the origin checking should be okay. Most
CDNs
have the ability to pass along origin HTTP headers, so as long as it isn't
anything
that is unique to each client, this should work fine.

-- Sander
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20081121/971fb5db/attachment.htm>
Received on Friday, 21 November 2008 18:58:27 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:07 UTC