On 11/16/10 12:56 PM, Tab Atkins Jr. wrote:
- it is applicable at the client side without scripting
This is not possible, for the simple reason that the whole point of
CORS is to protect server resources. If you could deal with CORS
purely on the client side, you'd be allowing the page author to
determine if they themself are allowed to access a file on another
server. That's a pretty obvious inversion of responsibility. ^_^
Well, more precisely there is nothing that needs to be done on the
client side for CORS, right?
-Boris
