- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Thu, 04 Nov 2004 13:14:50 -0600
- To: Thomas DeWeese <Thomas.DeWeese@Kodak.com>
- CC: www-svg@w3.org
Thomas DeWeese wrote: > Why would you restrict ports if you restrict to the originating > server? Because webhosting is fairly common. In that case you have many hostnames associated with a single server, and a different port may well correspond to a different entity (in the "person or organization" sense of entity). > BTW you absolutely should not allow even HTTP requests to anything but > the originating server from Script, otherwise they can browse > a persons intranet Of course. > Sorry, I totally disagree, this is still a very useful interface. > Not everything on the web is or should be HTTP. There are many > cases where you want long lived connections with Bi-directional > data. I agree with this in principle. I just don't see how it can be made to work semi-reliably in practice without being a major hassle to the user (having to manually white-list sites, etc). -Boris
Received on Thursday, 4 November 2004 19:15:35 UTC