[webkit-dev] Allowing webkit clients to extend XHR security policy
levin at google.com
Thu Apr 9 21:50:00 PDT 2009
On Thu, Apr 9, 2009 at 9:03 PM, Alexey Proskuryakov <ap at webkit.org> wrote:
> On 09.04.2009, at 22:38, Aaron Boodman wrote:
> The local scheme feature is actually more powerful than just XHR
> If you only need extensions to do XHR, why not just make them use
> cross-origin XHR? That way, the extension won't even need to declare the
> origins it's going to access - all checks will be server-side, as with
> normal cross-origin XHR.
I think the idea is that a user could install an extension and the user
could trust the extension to do the cross-origin xhr (without the server for
the x-origin doing anything special).
For example, I used to have the book burro FF extension (
http://www.bookburro.org/) which displayed prices for books from several
book stores when you visit another online book store.
> - WBR, Alexey Proskuryakov
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the webkit-dev