This question already has an answer here:
Some might argue that stackoverflow is not the right for this question, but I do want to get a programmers take on this, and there's no place better than this. I don't see this as argumentative.
It seems that today there are many ways for a web client to load content from servers other than the one serving the current page: WebRTC, JSONP, html includes such as scripts and images, etc'.
Every web developer hits the wall of the cross-domain policy issue at some point, whether if it's because they need to fetch content from another website, a public API or just divide their backend into many different independent services.
It doesn't look like the policy is helping the web, rather it is limiting it, making web development harder than it needs to be, and specifically more limited than native/desktop apps.
I want to understand if this is something other than an unneeded relic.
So my question is - is there a good argument (security or other) why in 2016, where there is no longer a clear distinction between web apps and other apps, we should still have this limitation? (argument must not apply to native apps...)
Aucun commentaire:
Enregistrer un commentaire