[cap-talk] Fwd: [cors] TAG request concerning CORS &Next Step(s)
Rob Meijer
capibara at xs4all.nl
Mon Jul 6 13:26:12 EDT 2009
On Mon, July 6, 2009 07:54, Adam Barth wrote:
>> I can't imagine Acme Finance would be happy about paying for a service
>> with such a flaw. Maybe the problem is that I don't understand how the
>> Origin header gets used.
>
> The service lets Acme Finance contact Google Finance directly from the
> user's browser (i.e., without proxying via acme.com). This is
> valuable to Acme.
Wouldn't it be much simpler for this scenario if Google Finance would
provide an API with what Acme Finance could create and manage proxies at
google.com to delegate to individual users?
More information about the cap-talk
mailing list