Ian Hickson wrote:
> Access-Control is designed only to protect the _user_ who, when visiting
> potentially hostile sites using a trusted conforming client, may be
> exposed to code that will try third-party access, [...]

The current design clearly doesn't provide any such protection since the 
_user_'s consent is not required for the third-party site to issue the 
cross-domain request. Just because a third-party site wants to delete my email 
and has the permission to do so with my consent, doesn't mean it should be 
allowed to go ahead and do so without my consent. The current design never 
requires the user's consent to wield the user's authority.

--Tyler
