[whatwg] File based permission files?
Ian Hickson
ian at hixie.ch
Wed Jun 13 14:27:18 PDT 2012
On Wed, 25 Apr 2012, Tyler Larson wrote:
>
> While working with the canvas tag when you want to edit pixel data
> within an image loaded from another server you need to have these images
> served from a web server with cross origin resource sharing headers.
> http://www.w3.org/TR/cors/
>
> This means every web server around the internet will need to be
> reconfigured to output these headers for each asset they want to give
> access to. As you can see from threads like this
> https://forums.aws.amazon.com/thread.jspa?threadID=34281 host don't want
> to change the way they serve files. Reconfiguring most web servers is
> out of the question for a majority of situations.
This provides a competitive environment where hosting providers can cater
to authors who need CORS headers.
> The flash player has similar security concerns, you can not load an
> image from another server and edit its pixel information without a
> crossdomain.xml file. This system has been in place so long that most
> companies have these files already in place and are usually giving
> access to all assets on their servers.
>
> http://www.google.com/crossdomain.xml
> http://www.apple.com/crossdomain.xml
> http://www.yahoo.com/crossdomain.xml
> http://www.adobe.com/crossdomain.xml
Given the number of security problems this has caused, I do not think we
should go down this route.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list