On Nov 5, 2009, at 6:04 PM, Devdatta wrote:
Hi Maciej,
Read <from>
If the <from> resource is owned by the domain specified by Origin,
return
the data.
.....
CrossDomainCopy <from-domain> <from-resource> <read-token> <to-
domain>
<to-resource> <write-token>
I don't understand the aim of the whole protocol you have outlined
above.
I'm sorry, I outlined it in a pretty sketchy way because I was writing
in a hurry and had other things to get to.
Are you saying CORS should be rewritten to directly support such a
design ?
No - there are no changes to CORS needed to support it.
or Is this a design pattern you are recommending (for use with CORS) ?
This is a possible design when building applications that do cross-
site networking, and in particular ones that may involve delegated
requests or requests combining information from multiple sites.
If the latter, do you honestly expect web developers to read and
understand all that ?
The complexity in my proposed protocol is not related to CORS - you'd
face the same complexity or greater doing a purely token-based
protocol over something like GuestXHR. And you can use a much simpler
approach with CORS if you are only doing simpler two-party interactions.
Or have I missed the point completely ?
I wouldn't put it that way. I wrote something without a simple
explanation assuming readers would have context and I guess it
confused you, which is my fault. Sorry!
- Maciej
