While I'm obviously pro enterprise policy, I think we need to be convinced that this is Mostly Harmless without policy, perhaps with CORS-RFC1918 as a pre-req. But if we're going to talk CORS, why not just introduce a CORS-Anonymous spec? What's the use-case?
image search by URL: you could let the client download the image and then upload it to the search engine, but especially with asymmetric down/up link speeds on customer internet connections, that might be much slower
-
-
image display in webmailers: the whole reason you use a proxy is to hide the client IP
-
I think you misunderstand the use case, because neither example makes sense for this proposal. Try this: A podcast listening app. It reads RSS and caches audio files for use offline. Today all that routes through the app's server, even though it's handling public resources.
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.