- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 11 May 2010 12:46:13 +0200
- To: Nathan <nathan@webr3.org>
- Cc: "www-tag@w3.org" <www-tag@w3.org>
On Tue, 11 May 2010 10:32:44 +0200, Nathan <nathan@webr3.org> wrote: > In light of all that's been discussed, would you agree that neither > approach is ideal, and that the current closed xhr web approach (whilst > it keeps things safe in the interim) isn't a long-term fix that > addresses both issues? I don't think your issue is critical. It can be worked around easily with a proxy. And most applications will have some kind of server component that can do the requests on behalf of the application. > As noted the same issue(s) will arise again with browser extensions in > the near future. Thus, can we open CORS+same origin policy for XHR up to > a round of suggestions that keep the web both safe and open at the same > time? - or at least make it a bit easier to open up by adding default > CORS settings for an entire domain in a .well-known place or suchlike. That has too much potential for problems. This was discussed at length in the past already. > IMHO universal browser based client side applications running over a web > of data is a huge thing for the web to loose, and something I wouldn't > like to see given up, especially with the advent of HTML5+JS APIs - all > the pieces are in place, the web is shifting in this direction - and > afaict this issue is the only thing blocking us from progressing. It doesn't really see to be blocking us too much. Web-based feed readers etc. have been prevalent for a long time. -- Anne van Kesteren http://annevankesteren.nl/
Received on Tuesday, 11 May 2010 10:47:01 UTC