- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Tue, 16 Nov 2010 13:06:22 -0500
On 11/16/10 12:56 PM, Tab Atkins Jr. wrote: >> - it is applicable at the client side without scripting > > This is not possible, for the simple reason that the whole point of > CORS is to protect server resources. If you could deal with CORS > purely on the client side, you'd be allowing the page author to > determine if they themself are allowed to access a file on another > server. That's a pretty obvious inversion of responsibility. ^_^ Well, more precisely there is nothing that needs to be done on the client side for CORS, right? -Boris
Received on Tuesday, 16 November 2010 10:06:22 UTC