On Tue, Feb 17, 2015 at 8:02 AM, Marcos Caceres <[email protected]> wrote:
> We don't want people going around taking other people's content without
> permission on scale. That's just wrong

Key point there being "scale". Doing it w/o permission "before-scale" is how a lot of things get started, and that's just fine, I suspect.

To unpack: this kind of non-technical relationship basis for an API to work is what makes it harder for new entrants in any market. It's making it hard for FxOS to gain marketshare in part because it makes it hard for "flipboard clones" to emerge, because they're by definition not popular enough for publishers to bother entering in a relationship with, let alone adding their site to a whitelist.

People who are advanced in their thinking of their server endpoints as a platform end up building authentication APIs, which I have no problem with. For the others (most "content" out there), we end up with an incentive which reinforces incumbents. Which is a problem, IMO.

When looking at that security model, a startup hoping to bootstrap something like a flipboard clone (or ideally something like flipboard but with some innovation), without the option of SystemXHR, will create a server which proxies those requests, circumventing the CORS security model until they get to the scale at which publishers a) might notice the server impact, and b) will take their calls. And that, I suspect, is fine for 99% of startups out there. But it does mean that bootstrapping requires a server aspect to the app, which then diminishes the strength of a pure-client model (and has obvious privacy implications).

--da
