On Thu, Jul 19, 2012 at 2:43 PM, Henry Story <henry.st...@bblfish.net> wrote: > If a mechanism can be found to apply restrictions for private IP ranges then > that > should be used in preference to forcing the rest of the web to implement CORS > restrictions on public data. And indeed the firewall servers use private ip > ranges, > which do in fact make a good distinguisher for public and non public space.
It's not just private servers (there's no guarantee those only use private IP ranges either). It's also IP-based authentication to private resources as e.g. W3C has used for some time. -- http://annevankesteren.nl/