- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Tue, 16 Nov 2010 10:12:25 -0800
On Tue, Nov 16, 2010 at 10:06 AM, Boris Zbarsky <bzbarsky at mit.edu> wrote: > On 11/16/10 12:56 PM, Tab Atkins Jr. wrote: >>> - it is applicable at the client side without scripting >> >> This is not possible, for the simple reason that the whole point of >> CORS is to protect server resources. ?If you could deal with CORS >> purely on the client side, you'd be allowing the page author to >> determine if they themself are allowed to access a file on another >> server. ?That's a pretty obvious inversion of responsibility. ?^_^ > > Well, more precisely there is nothing that needs to be done on the client > side for CORS, right? Ah, if that's what Markus was getting at, then yes. CORS requires *zero* work on the client side, since it's completely done in the server-browser interaction. The entirety of the client's interaction in the process is the initial request for a resource. ~TJ
Received on Tuesday, 16 November 2010 10:12:25 UTC