Bjoern Hoehrmann wrote:
* Nathan wrote:
Personally, I don't follow why JS running in a user agent should have
completely different access rules to the rest of the web, primarily
because a few site admin's feel it's a good idea to expose sensitive
data via IP-based auth on intranets / on the web via stateful sessions
on a stateless protocol.
If you do not depend on a user's special standing with a third party
site, you can configure your server as proxy between your user and the
third party site. That's more difficult for you, but easier for users
and maintainers of third party sites. If we'd do away with the access
restriction, it'd be easier for you, and more difficult for users and
third parties. What we have now is largely due to following the path
of least resistance (which is probably true for most web technology).
Thanks Bjoern,
Is it possible to set up a server as a proxy, where a client side ssl
certificate is also proxied through, should the server at the address
being proxied request one?
Best,
Nathan
