[whatwg] Canvas origin-clean should not ignore Access Control for Cross-Site Requests

Robert O'Callahan robert at ocallahan.org
Sat Mar 14 02:34:25 PDT 2009


On Sat, Mar 14, 2009 at 12:53 PM, Hans Schmucker <hansschmucker at gmail.com>wrote:

> Question is: what would be the best way to fix it? Of course the spec
> could be changed for video and image, but wouldn't it be simpler to
> update the defintion of origins to include patterns that can represent
> allow rules?
>

I don't think changing the definition of origins is the right way to go. It
seems better to define a category of "public" resources, specify that a
resource served with "Access-Control-Allow-Origin: *" is "public", and have
<canvas.> treat public resources specially.

Rob
-- 
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090314/8f46cc56/attachment-0002.htm>


More information about the whatwg mailing list