- From: Anne van Kesteren <annevk@opera.com>
- Date: Fri, 12 Mar 2010 08:41:28 +0100
On Fri, 12 Mar 2010 08:35:48 +0100, Brett Zamir <brettz9 at yahoo.com> wrote: > My apologies if this has been covered before, or if my asking this is a > bit dense, but I don't understand why there are restrictions on > obtaining data via XMLHttpRequest from other domains, if the request > could be sandboxed to avoid passing along sensitive user data like > cookies (or if the user could be asked for permission, as when > installing browser extensions that offer similar privileges). Did you see http://dev.w3.org/2006/webapi/XMLHttpRequest-2/ http://dev.w3.org/2006/waf/access-control/ ? > Servers are already free to obtain and mix in content from other sites, > so why can't client-side HTML JavaScript be similarly empowered? Because you would also have access to e.g. IP-authenticated servers. -- Anne van Kesteren http://annevankesteren.nl/
Received on Thursday, 11 March 2010 23:41:28 UTC