[Bitcoin-development] Allow cross-site requests of payment requests

Would it be a terrible idea to amend BIP 70 to suggest implementors include a Access-Control-Allow-Origin: * response header for their payment request responses? I don't think this opens up any useful attack vectors. I ask because this would make it practical for pure HTML5 web wallets to use the

Re: [Bitcoin-development] Allow cross-site requests of payment requests

It sounds OK to me, although we should all sleep on it for a bit. The reason this header exists is exactly because mobile code fetching random web resources can result in surprising security holes. That's fair. From the server perspective, I'd argue that payment requests / payments already

Re: [Bitcoin-development] Why are we bleeding nodes?

. Get started now for free. http://p.sf.net/sfu/SauceLabs ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development -- Andy Alness Software Engineer Coinbase San

Re: [Bitcoin-development] Why are we bleeding nodes?

of the P2P protocol. It seems reasonable especially for inv messages. On Tue, May 20, 2014 at 2:46 PM, Andy Alness a...@coinbase.com wrote: Has there ever been serious discussion on extending the protocol to support UDP transport? That would allow for NAT traversal and for many more people to run

Re: [Bitcoin-development] Proposed BIP 70 extension

://lists.sourceforge.net/lists/listinfo/bitcoin-development -- Andy Alness Software Engineer Coinbase San Francisco, CA -- Open source business process management suite built on Java and Eclipse Turn processes into business