- From: Hans Schmucker <hansschmucker@gmail.com>
- Date: Sat, 14 Mar 2009 14:00:14 +0100
Doesn't that kind of defeat the purpose of access control to have fine grained control over who is allowed access? Public resources are a quick fix for most scenarios that I can imagine, but I think using patterns would appear more consistent and logical to most users. It may not be terribly useful, but it would avoid a few embarassing moments for people who use access control. On 3/14/09, Robert O'Callahan <robert at ocallahan.org> wrote: > On Sat, Mar 14, 2009 at 12:53 PM, Hans Schmucker > <hansschmucker at gmail.com>wrote: > >> Question is: what would be the best way to fix it? Of course the spec >> could be changed for video and image, but wouldn't it be simpler to >> update the defintion of origins to include patterns that can represent >> allow rules? >> > > I don't think changing the definition of origins is the right way to go. It > seems better to define a category of "public" resources, specify that a > resource served with "Access-Control-Allow-Origin: *" is "public", and have > <canvas.> treat public resources specially. > > Rob > -- > "He was pierced for our transgressions, he was crushed for our iniquities; > the punishment that brought us peace was upon him, and by his wounds we are > healed. We all, like sheep, have gone astray, each of us has turned to his > own way; and the LORD has laid on him the iniquity of us all." [Isaiah > 53:5-6] >
Received on Saturday, 14 March 2009 06:00:14 UTC