On Tue, May 4, 2010 at 2:45 PM, Jonas Sicking <[email protected]> wrote:
> > If these were limited to Uniform Messages, how much of a need would there
> > still be to disallow them? What would the remaining threats be?
>
> Would it allow reading resources behind corporate firewalls using a
> browser running on a computer behind said firewall?
>
>
Only if the resource responds with an "Access-Control-Allow-Origin: *"
header.
--
Cheers,
--MarkM
