On Thu, Feb 4, 2010 at 2:05 PM, Tyler Close tyler.cl...@gmail.com wrote:
On Wed, Feb 3, 2010 at 2:34 PM, Maciej Stachowiak m...@apple.com wrote:
I don't think I've ever seen a Web server send Vary: Cookie. I don't
know offhand if they consistently send enough cache control headers to
prevent
On Mon, Dec 21, 2009 at 5:35 PM, Adam Barth w...@adambarth.com wrote:
On Mon, Dec 21, 2009 at 5:17 PM, Kenton Varda ken...@google.com wrote:
The problem we're getting at is that CORS is being presented as a
security
mechanism, when in fact it does not provide security. Yes, CORS
On Fri, Dec 18, 2009 at 12:04 AM, Ian Hickson i...@hixie.ch wrote:
On Thu, 17 Dec 2009, Kenton Varda wrote:
With the right capability-based infrastructure, the capability-based
solution would be trivial too. We don't have this infrastructure.
This is a valid concern.
It's not so much
Somehow I suspect all this has been said many times before...
On Wed, Dec 16, 2009 at 11:45 PM, Maciej Stachowiak m...@apple.com wrote:
CORS would provide at least two benefits, using the exact protocol you'd
use with UM:
1) It lets you know what site is sending the request; with UM there is
On Thu, Dec 17, 2009 at 2:21 AM, Maciej Stachowiak m...@apple.com wrote:
On Dec 17, 2009, at 1:42 AM, Kenton Varda wrote:
Somehow I suspect all this has been said many times before...
On Wed, Dec 16, 2009 at 11:45 PM, Maciej Stachowiak m...@apple.com wrote:
CORS would provide at least two
On Thu, Dec 17, 2009 at 10:08 AM, Maciej Stachowiak m...@apple.com wrote:
On Dec 17, 2009, at 9:15 AM, Kenton Varda wrote:
On Thu, Dec 17, 2009 at 2:21 AM, Maciej Stachowiak m...@apple.com wrote:
I'm not saying that Alice should be restricted in who she shares the feed
with. Just
On Thu, Dec 17, 2009 at 12:58 PM, Ian Hickson i...@hixie.ch wrote:
With CORS, I can trivially (one line in the .htaccess file for my site)
make sure that no sites can use XBL files from my site other than my
sites. My sites don't do any per-user tracking; doing that would involve
orders of
On Thu, Dec 17, 2009 at 4:41 PM, Ian Hickson i...@hixie.ch wrote:
What one liner are your proposing that would solve the problem for XBL,
XML data, videos, etc, all at once?
Are we debating about the state of existing infrastructure, or theoretically
ideal infrastructure? Honest question.
Dec 2009, Kenton Varda wrote:
On Thu, Dec 17, 2009 at 12:58 PM, Ian Hickson i...@hixie.ch wrote:
With CORS, I can trivially (one line in the .htaccess file for my
site) make sure that no sites can use XBL files from my site other
than my sites. My sites don't do any per-user tracking
Without the benefit of full context (I only started following this list
recently), I'd like cautiously to suggest that the UM solution to Ian's
challenge seems awkward because the challenge is itself a poor design, and
UM tends to be more difficult to work with when used to implement designs
that
On Wed, Dec 16, 2009 at 9:25 PM, Ian Hickson i...@hixie.ch wrote:
A concrete example of the example I was talking about is Google's Finance
GData API. There's a fixed URL on A (Google's site) that represents my
finance information. There's a site B (my portal page) that is hard-coded
to fetch
11 matches
Mail list logo