On Thu, Jul 29, 2010 at 3:44 PM, Charles Pritchard <ch...@jumis.com> wrote: > There are some warnings in browsers for other security items: > "This HTTPS Certificate is not valid, Continue / Cancel"
That's recognized pretty universally as a horrible prompt that is actively bad for the user. > It does set a precedent for prompts like: > "This domain kitties4life.com is trying to access an image from flickr.com, > Continue / Cancel". Similarly, users wouldn't have a clue what this means. > But, as I've said, using CORS is a far better alternative; > and using XMLHttpRequest isn't completely absurd, provided there were > a clean route for managing the data. Indeed. ~TJ