<div dir="ltr">On Tue, Sep 30, 2008 at 5:42 PM, Ian Hickson <span dir="ltr">&lt;ian@hixie.ch&gt;</span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Mon, 29 Sep 2008, Maciej Stachowiak wrote:<br>
> On Sep 28, 2008, at 3:32 AM, Robert O'Callahan wrote:<br>
> ><br>
</div><div class="Ih2E3d">> > I'm suggesting just reusing the Access Controls spec for that.<br>
> ><br>
> > So for example, the server could say:<br>
> > Same-Origin-Only-Unless-Access-Controls-Says-Otherwise: yes<br>
> > Access-Control-Allow-Origin: <a href="http://example.com" target="_blank">http://example.com</a><br>
><br>
> I think this is a really good proposal. It would allow Web sites to<br>
> place all content under a single uniform policy for access control, as<br>
> opposed to the state today where cross-site access depends on how the<br>
> resource is embedded.<br>
<br>
</div>I don't think this would really work for Google. Many widgets (e.g. the<br>
mapping widget) are expected to be placed on any site, but how could the<br>
widget provider know who is evil and who isn't? What about if an otherwise<br>
not evil site is compromised? (This happens regularly, especially with,<br>
e.g., sites with forum software or blog software.) We don't want a<br>
vulnerability in a widget host site to immediately allow this kind of<br>
attack on all the widgets that that site hosts.<br>
</blockquote><div><br>Choose your friends carefully. But really, why does this mapping widget need to expose UI that can be abused to do evil things with my Google account?<br><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Secondly, consider Google Image Search, or Reddit with its "open link with<br>
reddit toolbar" option, or any other site that allows arbitrary Web<br>
navigation in a frame or iframe while hosting some sort of toolbar content<br>
from its own page in another frame or container page. This option would<br>
mean that many sites would stop working with these containers, despite<br>
these containers not doing anything evil (there's no overlapping content,<br>
the user is fully aware of what's going on, etc).<br>
<div></div></blockquote><div> </div></div>If I understand correctly, with Michal's option 3, those sites would also stop working as soon as the user scrolled down in the framed page (so that the top-left of the framed page is out of view).<br>
<br clear="all">Rob<br>-- <br>"He was pierced for our transgressions, he was crushed for our iniquities; the punishment that brought us peace was upon him, and by his wounds we are healed. We all, like sheep, have gone astray, each of us has turned to his own way; and the LORD has laid on him the iniquity of us all." [Isaiah 53:5-6]<br>
</div>