On Tue, Mar 26, 2013 at 7:30 PM, Jonas Sicking <jo...@sicking.cc> wrote:
> I think the original concern was that implementations might not be
> able to reliably generate unguessable URLs. Potentially that's
> something that we could require though.
>

Being able to generate a securely-random token isn't a concern--if you don't have a secure PRNG, you probably can't even do TLS. The platform already requires one for https://developer.mozilla.org/en-US/docs/DOM/window.crypto.getRandomValues, too.

For what it's worth, it seems like you don't strictly need to have cross-origin access to blob URLs if you're passing the resource via postMessage, since you can just post the Blob itself. Doing it that way avoids the brittleness of needing to revoke the URL--autoRevoke won't help you if you're posting a URL asynchronously--which is a significant simplification for authors.

(Not to argue against relaxing this restriction if the above is the only reason for it; in retrospect I might have argued for restricting blob URLs to the same thread and event loop, but it's too late for that now.)

-- 
Glenn Maynard
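
The approach described in this message (posting the Blob itself rather than a blob: URL), sketched as an added example that is not part of the original post. The names sendBlob, makeBlobReceiver and MAX_BYTES and the example origins are hypothetical, and the receiver-side checks are assumptions about what a careful recipient would verify.

```javascript
// Added example: hand a Blob to another origin by posting the Blob itself,
// so there is no blob: URL that has to stay unguessable or be revoked later.
// Hypothetical names: sendBlob, makeBlobReceiver, MAX_BYTES, the origins.

const MAX_BYTES = 5 * 1024 * 1024; // assumed application limit

// Sender side: name the exact recipient origin, never "*", so the Blob is
// only delivered if the target window still holds the expected document.
function sendBlob(targetWindow, blob, targetOrigin) {
  if (!(blob instanceof Blob)) throw new TypeError("expected a Blob");
  if (targetOrigin === "*") throw new Error("refusing wildcard targetOrigin");
  targetWindow.postMessage({ kind: "blob", blob }, targetOrigin);
}

// Receiver side: build a "message" event handler that accepts a Blob only
// from the one origin it trusts. Returns true when the Blob was accepted.
function makeBlobReceiver(trustedOrigin, onBlob) {
  return function onMessage(event) {
    // Any window can post to us, so check who sent the message first.
    if (event.origin !== trustedOrigin) return false;
    const msg = event.data;
    // Validate shape and type before touching the payload.
    if (!msg || msg.kind !== "blob" || !(msg.blob instanceof Blob)) return false;
    // Bound the size before reading or storing anything.
    if (msg.blob.size > MAX_BYTES) return false;
    onBlob(msg.blob); // the structured clone is ours; nothing to revoke
    return true;
  };
}

// Browser wiring (constructed origins):
//   window.addEventListener("message",
//     makeBlobReceiver("https://sender.example", (b) => b.text().then(console.log)));
//   sendBlob(iframe.contentWindow, blob, "https://receiver.example");
```
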