Idea we've been toying with: How about allowing anonymous (i.e. no credentials or cookies) cross-origin XHR/fetch? Note: This assumes additional guard rails for localhost/intranet/non-routables, plus a simple opt-out.
[IMO ability to do blind requests is a historical SOP weakness, and there should be an opt-in way to whitelist origin entry points and methods of origin entry (e.g. "only permit entry via top-level link (e.g. no cross-origin script/image embedding), only to /entrypoint/*") :P]
-
-
FWIW,
@mikewest actually has a plan, and may even have people currently working on addressing this. - End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.