[theora] <video/> and cross site scripting policy.
Jonas Sicking
jonas at sicking.cc
Fri Nov 7 18:45:58 PST 2008
Silvia Pfeiffer wrote:
> On Fri, Nov 7, 2008 at 3:23 PM, Gregory Maxwell <gmaxwell at gmail.com> wrote:
>> On Thu, Nov 6, 2008 at 11:07 PM, Robert O'Callahan <robert at ocallahan.org> wrote:
>>> One thing to keep in mind is that if we ship with a same-origin restriction
>>> now, and then discover later that was a really dumb mistake, we can then
>>> relax it and little has been lost. But if we ship with no restrictions and
>>> then find out *that* was a dumb mistake, there's nothing we can do without
>>> massively breaking things; we'll have to live with that mistake forever
>>> (like <img>).
>> This is a very good point which I had not fully considered.
>>
>> I'd like to point out that <img> can be significantly improved:
>> Specify a header Access-Control-Deny-Origin: with the following rules:
>> If there is an allow header mentioning your origin, allow. If there
>> is a deny mentioning your origin deny. If there is a wildcard allow,
>> allow, wildcard deny deny. No header? Allow for legacy things, deny
>> for new things/unsafe things.
>>
>> Under that scenario images would eventually gain the protection as
>> servers are updated to emit a deny. But in that situation I'd
>> suggest that video should work like img in accordance with the
>> principle of least surprise.
>
> I like this suggestion. It's one that is built to enable access
> control where necessary without restricting the general case where
> people just want to make their content available.
>
> Can this be an alternative for <video/> too?
This would address the leaching bandwidth problem by giving sites a way
to disable hotlinking, but it wouldn't address any of the problems that
I brought up in my previous mail.
We can't ask people to opt in to security, too many will forget and we'd
have to assume that they will.
/ Jonas
More information about the theora
mailing list