[whatwg] Same-origin checking for media elements

Sander van Zoest sander at vanzoest.com
Fri Nov 21 18:58:27 PST 2008


On Fri, Nov 21, 2008 at 11:12 AM, Ralph Giles <giles at xiph.org> wrote:

> On Fri, Nov 21, 2008 at 9:15 AM, Sander van Zoest <sander at vanzoest.com>
> wrote:
>
> > For example: What are my limitations, if I put my video at
> http://ex.cdn/,
> > but load it from http://www.example.com/ ?
> > Is there a way for me to whitelist a particular list of hosts/domains?
>
> There is a way for you to whitelist particular hosts, but this must be
> implemented by the cdn servers, it's not something one can do from
> one's own domain. You might find Gregory Maxwell's original post to
> the theora list helpful; it describes the whole process.
>
>  http://lists.xiph.org/pipermail/theora/2008-November/001930.html


Thanks. yes, based on that post the origin checking should be okay. Most
CDNs
have the ability to pass along origin HTTP headers, so as long as it isn't
anything
that is unique to each client, this should work fine.

-- Sander
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20081121/971fb5db/attachment.htm>


More information about the whatwg mailing list