- From: Odin Hørthe Omdal <odinho@opera.com>
- Date: Sat, 08 Mar 2014 01:14:09 +0100
- To: public-webappsec@w3.org
On Wed, Mar 5, 2014, at 1:38, Mountie Lee wrote: > let me propose "Access-Control-Allow-Local" to CORS. > > current CORS spec is defined for remote resources. > > but some local resources like localStorage, IndexedDB are bound to > specific > origin > even by considering Web Messaging technology or cloning of objects, > still I think we need additional control for local resources. > > my suggestion is > > Access-Control-Allow-Local: "Access-Control-Allow-Local" ":" (Resource > Name) > > any comment? What parts are you not able to share using postMessage, you say? I'm not sure I follow why you'd need this? http://www.whatwg.org/specs/web-apps/current-work/multipage/web-messaging.html -- Odin Hørthe Omdal odinho@opera.com
Received on Saturday, 8 March 2014 00:14:40 UTC