[cap-talk] Fwd: [cors] TAG request concerning CORS & Next Step(s)
capibara at xs4all.nl
Fri Jun 26 12:33:49 EDT 2009
On Fri, June 26, 2009 01:02, Toby Murray wrote:
> On Thu, 2009-06-25 at 15:55 -0700, David Wagner wrote:
>> Security is often a pain. Could you elaborate on why/how the Origin:
>> header makes this case less of a pain?
> No; I can't do that. I'm not arguing that CORS is less of a pain. I was
> quoting Adam Barth, who did make this claim. I'll certainly argue that
> the CORS folks believe the unguessable tokens approach is (more of) a
> pain (than CORS). Despite appearances to the contrary, I've never
> believed this to be so. I'm just trying to distill an argument against
> the idea that unguessable tokens are more of a pain than CORS by playing
> devil's advocate.
Wouldn't making this argument be much less relevant than the argument of
solving a much more generic version of the problem?