[cap-talk] Fwd: [cors] TAG request concerning CORS & Next Step(s)
stay
stay at google.com
Wed Jul 8 17:00:34 EDT 2009
On Wed, Jul 8, 2009 at 12:37 PM, David-Sarah Hopwood <david-sarah at jacaranda.org> wrote:
> stay wrote:
>> On Mon, Jul 6, 2009 at 2:53 PM, Karp, Alan H<alan.karp at hp.com> wrote:
>>> To your first point above, can the software making the request be a script
>>> on a page or a browser plug-in? If so, what prevents Bob's Finance from
>>> delivering to the user's browser software that will make requests as Acme Finance?
>>
>> The fact that almost no one installs plugins.
>
> That's not true. They install Flash, and Flash ActionScript code can make
> such requests.
Flash communication is bound by the same-domain rules unless the
target server explicitly makes an exception via crossdomain.xml or (if
the target of the request is a Flash file) the allowDomain() function.
--
Mike Stay
stay at google.com
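
The crossdomain.xml exception described in the message above, as an added example that is not part of the original post: a simplified Python model of the decision, covering only the policy-file case (not allowDomain()) and ignoring ports and schemes. The host names and sample policies are constructed, and the wildcard matching is a simplifying assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy, as a target server might serve at /crossdomain.xml.
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="partner.example"/>
  <allow-access-from domain="*.widgets.example"/>
</cross-domain-policy>"""

# Constructed policy that opts the server out of the same-domain rule entirely.
WIDE_OPEN_POLICY = """<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>"""


def granted_domains(policy_xml):
    """Return the domain patterns listed in allow-access-from elements."""
    if policy_xml is None:  # server publishes no policy file
        return []
    root = ET.fromstring(policy_xml)
    return [e.get("domain", "").lower() for e in root.iter("allow-access-from")]


def pattern_matches(pattern, host):
    """Simplified match (assumption): exact name, '*', or '*.suffix'."""
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host


def request_allowed(swf_host, target_host, target_policy_xml):
    """Same-domain requests pass; cross-domain ones need a grant from the target."""
    swf_host, target_host = swf_host.lower(), target_host.lower()
    if swf_host == target_host:
        return True
    return any(pattern_matches(p, swf_host)
               for p in granted_domains(target_policy_xml))


def is_wide_open(policy_xml):
    """Flag a policy that exempts every origin from the same-domain rule."""
    return "*" in granted_domains(policy_xml)
```

The decision rests on the target server's policy, so reviewing a deployment means checking what that file grants, with `is_wide_open` catching the case that removes the protection for every origin.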