Talk:Cross-origin resource sharing
Server Side Control vs. Browser Side Control
The webpage sthFrom1st.html needs to tell the web browser what sites can be deemed as the same origin.
In fact, I think that this is easy to specify. In the HTML head, we can specify additional domains that should be allowed access. Browsers read these, then the original domain and the additional domains are all deemed to be the same origin. Currently, it is the browser that blocks us. I am at http://1st.com/a.html, then I access http://2nd.com/d.html with Ajax or XMLHttpRequest; using Firefox, I can clearly see that the remote server returns everything, and everything is good. But the browser does not allow me to access the content. Jackzhp (talk) 23:58, 25 June 2011 (UTC)
- This is not the right place for discussing the future of browser technology. I suggest you bring your use case and proposal to the mailing list of the Web Applications Working Group of W3C, where CORS, the specification of Cross Domain control in your terminology and the subject of this entry, is being developed. I'll delete your section for the moment as "we" (and also future stuff) is fairly rare in Wikipedia. — Kennyluck (talk) 22:29, 27 June 2011 (UTC)
- For my own reference: at the client side, Content Security Policy should be utilized; CORS-related stuff should be at the server side. And the current situation is explained in the BULLSHIT section below. Jackzhp (talk) 07:08, 21 October 2017 (UTC)
URLs in examples
The following URL, used in the "simple example" section, does not follow best standard practice. As per RFC 2606:
Orphaned references in Cross-origin resource sharing
I check pages listed in Category:Pages with incorrect ref formatting to try to fix reference errors. One of the things I do is look for content for orphaned references in wikilinked articles. I have found content for some of Cross-origin resource sharing's orphans, the problem is that I found more than one version. I can't determine which (if any) is correct for this article, so I am asking for a sentient editor to look it over and copy the correct ref content into this article.
Reference named "ars-blink":
- From Opera (web browser): "Google going its own way, forking WebKit rendering engine". Ars Technica. Retrieved 4 April 2013.
- From Blink (layout engine): "Google going its own way, forking WebKit rendering engine". Ars Technica. April 2013. Retrieved 4 April 2013.
I apologize if any of the above are effectively identical; I am just a simple computer program, so I can't determine whether minor differences are significant or not. AnomieBOT⚡ 03:51, 30 August 2015 (UTC)
The WikiProject is also taking on the organization of the Wikipedia community's user script support pages. If you are interested in helping to organize information on the user scripts (or are curious about what we are up to), let us know!
Thank you. The Transhumanist 01:07, 12 April 2017 (UTC)
- I can see that you are frustrated, as I was. Eventually I realized that our frustration came from the fact that those smart people are not willing to clarify why CORS is indeed needed. I really want to change the first paragraph of the article, but there are many people who like to remove what I edit, so I put it here: Jackzhp (talk) 07:06, 21 October 2017 (UTC)
- CORS is a mechanism for a web server to delegate its Origin/Referrer-based authorization check to web browsers. Why is the Origin/Referrer-based authorization check needed? Since a web browser can open several web sites at the same time, for a site with confidential data, at least the confidential data should not be allowed to be accessed by any other web sites unless stated otherwise, as is done with Content Security Policy. In order for the web server to allow some specific other sites to access its resources, the web server should check the request's origin before serving the request. This is the Origin/Referrer-based authorization check. However, at present, almost all web servers take this assumption for granted: other web sites will not access confidential data of my site, which is guaranteed by the old same-origin/site policy, so they do not do the Origin-based authorization check at all. That's to say, the origin-based authorization check is delegated to web browsers. And then when the confidential data of a web site grants access to some specific sites, it can achieve this only by notifying the web browsers with CORS. That's to say, to delegate even more origin-based authorization checks to web browsers. Jackzhp (talk) 07:06, 21 October 2017 (UTC)
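An added illustration of the two models contrasted in the comment above, not part of any talk-page post: a server that only emits CORS headers and leaves enforcement to the browser, next to one that also checks the Origin header itself. The function names, the allowlist and the example origins are constructed for this sketch.

```python
"""Browser-enforced CORS versus a server-side Origin check (added example)."""

# Constructed allowlist; the origins below are placeholders.
ALLOWED_ORIGINS = {"https://partner.example"}
SECRET_BODY = "confidential data"


def respond(origin, server_side_check=False):
    """Return (status, headers, body) for a simple cross-origin GET.

    origin: value of the request's Origin header, or None when absent.
    server_side_check: when True the server refuses disallowed origins
    itself instead of relying on the browser to withhold the response.
    """
    headers = {"Vary": "Origin"}  # stop caches reusing one origin's answer
    allowed = origin in ALLOWED_ORIGINS
    if allowed:
        # Echo the exact origin; the browser compares it with the caller's.
        headers["Access-Control-Allow-Origin"] = origin
    if server_side_check and origin is not None and not allowed:
        # Server-enforced: the confidential body never leaves the server.
        # Origin is set by browsers and can be forged by other clients,
        # so this check does not replace authentication.
        return 403, headers, ""
    # CORS-only: the body is sent either way; only the header differs.
    return 200, headers, SECRET_BODY


def browser_exposes_body(page_origin, headers):
    """Model of the browser's decision to let page script read the body."""
    acao = headers.get("Access-Control-Allow-Origin")
    return acao == "*" or acao == page_origin


def demo():
    """Run the three cases and return (status, body_sent, script_can_read)."""
    rows = []
    for origin, check in [("https://other.example", False),
                          ("https://partner.example", False),
                          ("https://other.example", True)]:
        status, headers, body = respond(origin, check)
        rows.append((status, bool(body), browser_exposes_body(origin, headers)))
    return rows


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The first case matches the observation in the first section of this page: the server returns the full body on the wire, and only the browser keeps the calling page from reading it.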