- From: Brad Kemper <brad.kemper@gmail.com>
- Date: Mon, 22 Jun 2009 10:07:50 -0700
- To: "Anne van Kesteren" <annevk@opera.com>
- Cc: François REMY <fremycompany_pub@yahoo.fr>, "Robert O'Callahan" <robert@ocallahan.org>, "CSS 3 W3C Group" <www-style@w3.org>
On Jun 21, 2009, at 10:51 PM, Anne van Kesteren wrote: >> If such an header is present, urls that don't match the criteria >> should not be >> allowed to acceed to the ressource. This simple principe could be >> applied on the whole web without having problem with old content, >> that doens't contains the header. >> >> It would be a similar system that what is already done with the >> XMLHttpRequest object, except that if no header is present, the >> ressource (font, image, video) can be used while whit XHR no >> header means no autorisation. >> >> What do you think of it ? > > Making it use the same headers as the CORS protocol but with wildly > different semantics does not seem like a good idea to me. Also, I'm > somewhat skeptical that something which negatively affects clients > that implement it when incorrectly used can be successfully deployed. Has CORS already been implemented, based on the WD, or is there still time to make changes to it that make prevent that usage from being incorrect?
Received on Monday, 22 June 2009 17:08:32 UTC