On Tue, Jun 8, 2010 at 4:17 AM, Henri Sivonen <[email protected]> wrote: > "Aaron Boodman (劉)" <[email protected]> wrote: >> If we add paths to the mix, we can do this. Applications on the same >> origin can circumvent it if they want, but why would they? SOP >> already >> guarantees that apps on the same origin are friendly and cooperate >> with each other. That doesn't mean it isn't useful for the UA to know >> which one is which. > > I have to wonder why Google needs the browser team to solve this instead of > having the Reader team relocate their stuff to reader.google.com (like > maps.google.com is located already).
Last time I asked about this, the answer I got was that there were performance and branding considerations around whether to host an app on www or on a dedicated subdomain. For security, putting each app on a separate subdomain is a win. Adam
