On Sun, 14 Mar 2010 02:45:26 +0100, Brett Zamir wrote:
> Servers are already free to obtain and mix in content from other
> sites, so why can't client-side HTML JavaScript be similarly empowered?
Because you would also have access to e.g. IP-authenticated servers.
> As suggested above, could a hea

> As suggested above, could a header be required on compliant browsers to send
> a header along with their request indicating the originating server's
> domain?
Yes, but it's generally a bad practice to release new features that
undermine the security of existing systems, and requiring everybody t

On 3/12/2010 3:41 PM, Anne van Kesteren wrote:
> On Fri, 12 Mar 2010 08:35:48 +0100, Brett Zamir wrote:
> > My apologies if this has been covered before, or if my asking this is
> > a bit dense, but I don't understand why there are restrictions on
> > obtaining data via XMLHttpRequest from other domains, if

On Thu, 2010-03-11 at 23:50 -0800, Michal Zalewski wrote:
> > Servers are already free to obtain and mix in content from other sites, so
> > why can't client-side HTML JavaScript be similarly empowered?
>
> I can see two reasons:
>
> 1) Users may not be happy about the ability for web applicatio

> Servers are already free to obtain and mix in content from other sites, so
> why can't client-side HTML JavaScript be similarly empowered?
I can see two reasons:
1) Users may not be happy about the ability for web applications to
implement an unprecedented level of automation through their clie

On Fri, 12 Mar 2010 08:35:48 +0100, Brett Zamir wrote:
> My apologies if this has been covered before, or if my asking this is a
> bit dense, but I don't understand why there are restrictions on
> obtaining data via XMLHttpRequest from other domains, if the request
> could be sandboxed to avoid pas

Hi,
My apologies if this has been covered before, or if my asking this is a
bit dense, but I don't understand why there are restrictions on
obtaining data via XMLHttpRequest from other domains, if the request
could be sandboxed to avoid passing along sensitive user data like
cookies (or if th