On Wed, Feb 18, 2015 at 7:16 PM, James Burke <jrbu...@gmail.com> wrote:
> Mobile use is really large. Native mobile apps do not have
> restrictions from these APIs.

As indicated most don't need them either.


> If web sites are concerned about getting
> cross domain hits, they can get them now from native apps.

The only reason "native apps" have these is because they are centrally
vetted and distributed. And not having that is what makes the web
great.


> We definitely need to be careful, making sure we do not pass things
> like cookies for these types of requests, and to also allow for
> services to explicitly indicate they do not want to allow these types
> of connections, but what has been suggested instead of using these
> types of APIs does not seem better.

XSRF is not the primary concern. Firewalled content is the concern.


-- 
https://annevankesteren.nl/
_______________________________________________
dev-b2g mailing list
dev-b2g@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-b2g
