Re: CORS for local resources

On Wed, Feb 12, 2014 at 12:05 AM, Mountie Lee <mountie@paygate.net> wrote:
> I have some questions.
> do we(these WebAppSec members) have discussed CORS for local resources?
> Web Storage (IDB, LocalStorage...) or other origin specific resources are
> bound to same origin.

The storage areas are. The objects they store can be shared.


> I already reviewed postMessage or other cross-origin mechanisms. but those
> are not the best.

postMessage() is how you share JavaScript objects across origins. What
is the problem?


-- 
http://annevankesteren.nl/

Received on Wednesday, 12 February 2014 10:51:59 UTC