On Sep 12, 2013, at 10:44 AM, John Clizbe <[email protected]> wrote:
> Geoffrey Irving wrote:
> > A followup to the discussion of CORS and openhkp.js: I started a thread
> > on the sks-devel list about supporting CORS, and submitted a candidate
> > patch:
> >
> > http://lists.nongnu.org/archive/html/sks-devel/2013-09/msg00001.html
> >
> > Only one reply so far, though, and that somewhat negative.
> >
> > I also submitted a request for CORS support in the new hockeypuck
> > keyserver, and offered to write the patch if they'd be willing to accept
> > it:
> >
> > https://bugs.launchpad.net/hockeypuck/+bug/1222583
> >
> > Hopefully we'll get a positive reply from at least one of these, and
> > javascript will be able to query keyservers without proxies.
> >
> > Geoffrey
>
> Hi Geoffrey,
>
> I was going to reply on [sks-devel], but this is as good a place as any.
> The patch to wserver.ml is fairly straightforward. But I'm curious as to why
> wserver.mli was patched to remove the interface spec for send_result.

That was just general paranoia about generic looking functions with open CORS interfaces. It would be fine (better?) to leave it public, but if so it needs to be documented so that some unsuspecting future user doesn't copy and paste code for some other purpose and generate a security hole. I suppose I actually already wrote the required comment in the .ml, so I probably should have just copied the comment to the .mli.

> BTW, I can probably give you keyserver.gingerbear.net and sks.keyservers.net
> to test against

Awesome, thanks! Let me know when I should give it a try.

Geoffrey
_______________________________________________ http://openpgpjs.org

